Xmind version 2020 suffers from a cross site scripting vulnerability that can lead to remote code execution.