Reflected Cross-Site Scripting Vulnerability in Output Messenger by SRI Max
CVE-2025-27921

6.1MEDIUM

Key Information:

Vendor

SRI Max

Vendor
CVE Published:
5 May 2025

What is CVE-2025-27921?

A reflected cross-site scripting (XSS) vulnerability has been identified in Output Messenger, allowing attackers to inject unsanitized input into the web application’s response. This security flaw arises when user-controlled input is reflected back to the client’s browser, posing a risk of executing malicious scripts. Users are advised to upgrade to version 2.0.63 or later to mitigate this issue and ensure the security of their communications.

References

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.