CVE-2021-47844
MEDIUMXmind 2020 - XSS
Title source: llmDescription
Xmind 2020 contains a cross-site scripting vulnerability that allows attackers to inject malicious payloads into mind mapping files or custom headers. Attackers can craft malicious files with embedded JavaScript that execute system commands when opened, enabling remote code execution through mouse interactions or file opening.
Exploits (1)
exploitdb
WORKING POC
by TaurusOmar · javascriptwebappsmultiple
https://www.exploit-db.com/exploits/49827
Scores
CVSS v3
6.1
EPSS
0.0002
EPSS Percentile
4.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Classification
CWE
CWE-79
Status
draft
Timeline
Published
Jan 16, 2026
Tracked Since
Feb 18, 2026