Permalink
CVE-2021-47844
6.1 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): REQUIRED
- Scope (S): CHANGED
- Confidentiality impact (C): LOW
- Integrity impact (I): LOW
- Availability impact (A): NONE
by @LeSuisse Activity log
- Created automatic suggestion
-
@LeSuisse
removed
24 packages
- libmaxminddb
- phpExtensions.maxminddb
- python312Packages.xmind
- python313Packages.xmind
- dotnetPackages.MaxMindDb
- php81Extensions.maxminddb
- php82Extensions.maxminddb
- php83Extensions.maxminddb
- php84Extensions.maxminddb
- python312Packages.maxminddb
- python313Packages.maxminddb
- dotnetPackages.MaxMindGeoIP2
- perlPackages.MaxMindDBCommon
- perl540Packages.MaxMindDBReaderXS
- perl538Packages.MaxMindDBReaderXS
- perl540Packages.MaxMindDBWriter
- perl540Packages.MaxMindDBReader
- perl540Packages.MaxMindDBCommon
- perl538Packages.MaxMindDBWriter
- perl538Packages.MaxMindDBReader
- perl538Packages.MaxMindDBCommon
- perlPackages.MaxMindDBWriter
- perlPackages.MaxMindDBReader
- perlPackages.MaxMindDBReaderXS
- @LeSuisse dismissed
Xmind 2020 - Persistent Cross-Site Scripting
Xmind 2020 contains a cross-site scripting vulnerability that allows attackers to inject malicious payloads into mind mapping files or custom headers. Attackers can craft malicious files with embedded JavaScript that execute system commands when opened, enabling remote code execution through mouse interactions or file opening.
References
- Official Xmind Product Homepage product
- Proof of Concept Video exploit
- VulnCheck Advisory: Xmind 2020 - Persistent Cross-Site Scripting third-party-advisory
- ExploitDB-49827 exploit
- https://www.vulncheck.com/advisories/xmind-persistent-cross-site-scripting exploit
Affected products
Xmind
- ==2020
Matching in nixpkgs
pkgs.xmind
All-in-one thinking tool featuring mind mapping, AI generation, and real-time collaboration
-
nixos-unstable 25.07.03033-202507241842
- nixpkgs-unstable 25.07.03033-202507241842
- nixos-unstable-small 25.07.03033-202507241842
Package maintainers
-
@michalrus Michal Rus <m@michalrus.com>