
Mrchuckomo

#28773 of 53,632
8.8 Total CVSS
Vulnerabilities · 1

PT-2021-19919
CVSS 8.8
2021-08-03
Poddycast · Poddycast · CVE-2021-32772
**Name of the Vulnerable Software and Affected Versions**

Poddycast versions prior to 0.8.1

**Description**

The application does not sanitize or escape HTML characters in the podcast information obtained from the feed, which allows injection of HTML and JavaScript code, resulting in cross-site scripting. Because Poddycast is built with Electron, this cross-site scripting can be escalated to remote code execution, making it possible to execute commands on the machine where the application is running.

**Recommendations**

For versions prior to 0.8.1, update to version 0.8.1 to resolve the issue. As a temporary workaround, consider restricting the use of podcast information obtained from untrusted feeds to minimize the risk of exploitation.