Nixpkgs security tracker

Login with GitHub

Suggestions search

Dismissed
Filter by:
With package: xmind

Found 1 matching suggestions

View:
Compact
Detailed
Permalink CVE-2021-47844
6.1 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): Required (R)
  • Scope (S): Changed (C)
  • Confidentiality (C): Low (L)
  • Integrity (I): Low (L)
  • Availability (A): None (N)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): Required (R)
  • Modified Confidentiality (MC): Low (L)
  • Modified Scope (MS): Changed (C)
  • Modified Integrity (MI): Low (L)
  • Modified Availability (MA): None (N)
updated 4 months, 1 week ago by @LeSuisse Activity log
  • Created suggestion 4 months, 1 week ago
  • @LeSuisse ignored
    24 packages
    • libmaxminddb
    • phpExtensions.maxminddb
    • python312Packages.xmind
    • python313Packages.xmind
    • dotnetPackages.MaxMindDb
    • php81Extensions.maxminddb
    • php82Extensions.maxminddb
    • php83Extensions.maxminddb
    • php84Extensions.maxminddb
    • python312Packages.maxminddb
    • python313Packages.maxminddb
    • dotnetPackages.MaxMindGeoIP2
    • perlPackages.MaxMindDBCommon
    • perl540Packages.MaxMindDBReaderXS
    • perl538Packages.MaxMindDBReaderXS
    • perl540Packages.MaxMindDBWriter
    • perl540Packages.MaxMindDBReader
    • perl540Packages.MaxMindDBCommon
    • perl538Packages.MaxMindDBWriter
    • perl538Packages.MaxMindDBReader
    • perl538Packages.MaxMindDBCommon
    • perlPackages.MaxMindDBWriter
    • perlPackages.MaxMindDBReader
    • perlPackages.MaxMindDBReaderXS
    4 months, 1 week ago
  • @LeSuisse dismissed 4 months, 1 week ago
Xmind 2020 - Persistent Cross-Site Scripting

Xmind 2020 contains a cross-site scripting vulnerability that allows attackers to inject malicious payloads into mind mapping files or custom headers. Attackers can craft malicious files with embedded JavaScript that execute system commands when opened, enabling remote code execution through mouse interactions or file opening.

Affected products

Xmind
  • ==2020

Matching in nixpkgs

Ignored packages (24)

Package maintainers

Impact an old versions not present in supported nixpkgs branches.