CVE-2021-47844

Sažetak

Xmind 2020 contains a cross-site scripting vulnerability that allows attackers to inject malicious payloads into mind mapping files or custom headers. Attackers can craft malicious files with embedded JavaScript that execute system commands when opened, enabling remote code execution through mouse interactions or file opening.

Reference

https://imgur.com/a/t96Nxo5
https://www.exploit-db.com/exploits/49827
https://www.vulncheck.com/advisories/xmind-persistent-cross-site-scripting
https://www.xmind.net/
https://www.vulncheck.com/advisories/xmind-persistent-cross-site-scripting

CVSS

Base:	6.1
Impact:	2.7
Exploitability:	2.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
LOW	LOW	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Zadnje važnije ažuriranje

26-01-2026 - 15:05

Objavljeno

16-01-2026 - 19:16