StudyMD version 0.3.2 suffers from a cross site scripting vulnerability that can lead to remote code execution.