Vulnerability Database

322,905

Total vulnerabilities in the database

CVE-2021-47844

Xmind 2020 contains a cross-site scripting vulnerability that allows attackers to inject malicious payloads into mind mapping files or custom headers. Attackers can craft malicious files with embedded JavaScript that execute system commands when opened, enabling remote code execution through mouse interactions or file opening.

Published: Jan 16, 2026
Updated: Jan 17, 2026
CVE: CVE-2021-47844
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

No affected software listed.

https://imgur.com/a/t96Nxo5
https://www.exploit-db.com/exploits/49827
https://www.vulncheck.com/advisories/xmind-persistent-cross-site-scripting
https://www.xmind.net/

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo