Reported a code execution via cross site scripting in TagSpaces. The XSS is used to escape the sandbox of electron to gain code execution in TagSpaces.

References:

• https://huntr.dev/bounties/1-other-tagspaces/tagspaces/

• https://huntr.dev/bounties/1-other-tagspaces/viewerText/