Filtered by vendor Srimax
Subscribe
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-27921 | 1 Srimax | 1 Output Messenger | 2025-06-13 | N/A | 6.1 MEDIUM |
| A reflected cross-site scripting (XSS) vulnerability was discovered in Output Messenger before 2.0.63, where unsanitized input could be injected into the web application’s response. This vulnerability occurs when user-controlled input is reflected back into the browser without proper sanitization or encoding. | |||||
| CVE-2025-27920 | 1 Srimax | 1 Output Messenger | 2025-05-21 | N/A | 7.2 HIGH |
| Output Messenger before 2.0.63 was vulnerable to a directory traversal attack through improper file path handling. By using ../ sequences in parameters, attackers could access sensitive files outside the intended directory, potentially leading to configuration leakage or arbitrary file access. | |||||