Srimax Output Messenger vulnerabilities
2 known vulnerabilities affecting srimax/output_messenger.
Total CVEs
2
CISA KEV
1
actively exploited
Public exploits
0
Exploited in wild
1
Severity breakdown
HIGH1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2025-27920P1HIGHCVSS 8.8KEVfixed in 2.0.632025-05-05
CVE-2025-27920 [HIGH] CWE-24 CVE-2025-27920: Output Messenger before 2.0.63 was vulnerable to a directory traversal attack through improper file
Output Messenger before 2.0.63 was vulnerable to a directory traversal attack through improper file path handling. By using ../ sequences in parameters, attackers could access sensitive files outside the intended directory, potentially leading to configuration leakage or arbitrary file access.
nvd
CVE-2025-27921P4MEDIUMCVSS 6.1fixed in 2.0.632025-05-05
CVE-2025-27921 [MEDIUM] CWE-79 CVE-2025-27921: A reflected cross-site scripting (XSS) vulnerability was discovered in Output Messenger before 2.0.6
A reflected cross-site scripting (XSS) vulnerability was discovered in Output Messenger before 2.0.63, where unsanitized input could be injected into the web application’s response. This vulnerability occurs when user-controlled input is reflected back into the browser without proper sanitization or encoding.
nvd