CVE-2021-33041
CVE-2021-33041 affects vmd up to version 1.34.0, where attacker-supplied content containing div class="markdown-body" enables XSS. Documented demonstrations show Electron-based remote code execution via Electron’s require('child_process').execSync('calc.exe') on Windows, with a similar attack on ...