6.1 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): REQUIRED
- Scope (S): CHANGED
- Confidentiality impact (C): LOW
- Integrity impact (I): LOW
- Availability impact (A): NONE
Xmind 2020 - Persistent Cross-Site Scripting
Xmind 2020 contains a cross-site scripting vulnerability that allows attackers to inject malicious payloads into mind mapping files or custom headers. Attackers can craft malicious files with embedded JavaScript that executes system commands when opened, enabling remote code execution through mouse interactions or file opening.
References
- ExploitDB-49827 (exploit)
- Official Xmind Product Homepage (product)
- Proof of Concept Video (exploit)
Affected products
- ==2020
Matching in nixpkgs
pkgs.xmind
All-in-one thinking tool featuring mind mapping, AI generation, and real-time collaboration
- nixos-unstable 25.04.03523-202505300040
  - nixpkgs-unstable 25.04.03523-202505300040
  - nixos-unstable-small 25.04.03523-202505300040
- nixos-25.11 25.07.03033-202507241842
  - nixpkgs-25.11-darwin 25.07.03033-202507241842
pkgs.libmaxminddb
C library for working with MaxMind geolocation DB files
pkgs.phpExtensions.maxminddb
C extension that is a drop-in replacement for MaxMind\Db\Reader
pkgs.python312Packages.xmind
Python module to create mindmaps
pkgs.python313Packages.xmind
Python module to create mindmaps
pkgs.dotnetPackages.MaxMindDb
None
pkgs.php81Extensions.maxminddb
C extension that is a drop-in replacement for MaxMind\Db\Reader
pkgs.php82Extensions.maxminddb
C extension that is a drop-in replacement for MaxMind\Db\Reader
pkgs.php83Extensions.maxminddb
C extension that is a drop-in replacement for MaxMind\Db\Reader
pkgs.php84Extensions.maxminddb
C extension that is a drop-in replacement for MaxMind\Db\Reader
pkgs.python312Packages.maxminddb
Reader for the MaxMind DB format
pkgs.python313Packages.maxminddb
Reader for the MaxMind DB format
pkgs.dotnetPackages.MaxMindGeoIP2
None
pkgs.perlPackages.MaxMindDBCommon
Code shared by the MaxMind DB reader and writer modules
pkgs.perlPackages.MaxMindDBReader
Read MaxMind DB files and look up IP addresses
pkgs.perlPackages.MaxMindDBWriter
Create MaxMind DB database files
pkgs.perlPackages.MaxMindDBReaderXS
Fast XS implementation of MaxMind DB reader
pkgs.perl538Packages.MaxMindDBCommon
Code shared by the MaxMind DB reader and writer modules
pkgs.perl538Packages.MaxMindDBReader
Read MaxMind DB files and look up IP addresses
pkgs.perl538Packages.MaxMindDBWriter
Create MaxMind DB database files
pkgs.perl540Packages.MaxMindDBCommon
Code shared by the MaxMind DB reader and writer modules
pkgs.perl540Packages.MaxMindDBReader
Read MaxMind DB files and look up IP addresses
pkgs.perl540Packages.MaxMindDBWriter
Create MaxMind DB database files
pkgs.perl538Packages.MaxMindDBReaderXS
Fast XS implementation of MaxMind DB reader
pkgs.perl540Packages.MaxMindDBReaderXS
Fast XS implementation of MaxMind DB reader
Package maintainers
- @dasJ Janne Heß <janne@hess.ooo>
- @Conni2461 Simon Hauser <simon-hauser@outlook.com>
- @helsinki-Jo Joachim Ernst <joachim.ernst@helsinki-systems.de>
- @piotrkwiecinski Piotr Kwiecinski <piokwiecinski+nixpkgs@gmail.com>
- @drupol Pol Dellaiera <pol.dellaiera@protonmail.com>
- @talyz Kim Lindberger <kim.lindberger@gmail.com>
- @Ma27 Maximilian Bosch <maximilian@mbosch.me>
- @aanderse Aaron Andersen <aaron@fosslib.net>
- @fabaff Fabian Affolter <mail@fabian-affolter.ch>
- @michalrus Michal Rus <m@michalrus.com>