A reflected cross-site scripting (XSS) vulnerability was discovered in Output Messenger before 2.0.63, where unsanitized input could be injected into the web application’s response. This vulnerability occurs when user-controlled input is reflected back into the browser without proper sanitization or encoding.
CVSS
No CVSS.
References
| Link | Resource |
|---|---|
| https://www.outputmessenger.com/cve-2025-27921/ | Vendor Advisory |
| https://www.srimax.com/products-2/output-messenger/ | Product |
Configurations
History
13 Jun 2025, 18:40
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:srimax:output_messenger:*:*:*:*:*:*:*:* | |
| First Time |
Srimax
Srimax output Messenger |
|
| References | () https://www.outputmessenger.com/cve-2025-27921/ - Vendor Advisory | |
| References | () https://www.srimax.com/products-2/output-messenger/ - Product |
05 May 2025, 16:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-05-05 16:15
Updated : 2025-06-13 18:40
NVD link : CVE-2025-27921
Mitre link : CVE-2025-27921
JSON object : View
Products Affected
srimax
- output_messenger
CWE
No CWE.