Vmd · Vmd · CVE-2021-33041
**Name of the Vulnerable Software and Affected Versions**
vmd versions through 1.34.0
**Description**
The issue allows XSS through the `div class="markdown-body"` element, as demonstrated by Electron remote code execution via `require('child_process').execSync('calc.exe')` on Windows and a similar attack on macOS.
**Recommendations**
For versions through 1.34.0, update to a version that contains a fix for this issue to prevent XSS and remote code execution attacks.
As a temporary workaround, consider restricting the use of the `require('child_process').execSync()` function until a patch is available.
Avoid using the `div class="markdown-body"` element in affected areas until the issue is resolved.
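
The issue depends on two conditions: inline script executing in the rendered preview, and Node.js `require` being reachable from the Electron renderer. The following added example (not vmd's own code; the function names and sample objects are hypothetical and constructed for illustration) audits a `BrowserWindow` `webPreferences` object and a Content-Security-Policy string for both.

```javascript
// Added example; function names and sample objects are hypothetical,
// not taken from vmd's source.

// Constructed sample: injected markup in the preview can reach require().
const weakPrefs = { nodeIntegration: true, contextIsolation: false };
// Constructed sample: renderer has no Node.js access and is sandboxed.
const hardenedPrefs = { nodeIntegration: false, contextIsolation: true, sandbox: true };

// Audit an Electron BrowserWindow webPreferences object. An unset key is
// reported too, because its default differs between Electron releases.
function auditWebPreferences(prefs) {
  const expected = { nodeIntegration: false, contextIsolation: true, sandbox: true };
  const findings = [];
  for (const [key, safe] of Object.entries(expected)) {
    if (!(key in prefs)) {
      findings.push(`${key}: unset, default depends on Electron version`);
    } else if (prefs[key] !== safe) {
      findings.push(`${key}: ${prefs[key]} (want ${safe})`);
    }
  }
  return findings;
}

// Audit a Content-Security-Policy string for the preview page: would inline
// script (script tags, on* handlers in rendered Markdown) still execute?
function auditCsp(policy) {
  const directives = {};
  for (const part of policy.split(';')) {
    const [name, ...values] = part.trim().split(/\s+/);
    if (name) directives[name.toLowerCase()] = values.map((v) => v.toLowerCase());
  }
  const src = directives['script-src'] || directives['default-src'];
  if (!src) return ['no script-src or default-src: inline script is allowed'];
  // Browsers ignore 'unsafe-inline' when a nonce or hash source is present.
  const hasNonceOrHash = src.some((v) => /^'(nonce-|sha(256|384|512)-)/.test(v));
  const findings = [];
  if (src.includes("'unsafe-inline'") && !hasNonceOrHash) {
    findings.push("inline script allowed via 'unsafe-inline'");
  }
  if (src.includes("'unsafe-eval'")) findings.push("eval allowed via 'unsafe-eval'");
  return findings;
}
```

An empty result from both functions means injected markup in the preview neither runs as inline script nor has a path to `child_process`.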