CVE-2025-27921

Name of the Vulnerable Software and Affected Versions Output Messenger versions prior to 2.0.63

Description A reflected cross-site scripting (XSS) issue was discovered, where unsanitized input could be injected into the web application’s response. This occurs when user-controlled input is reflected back into the browser without proper sanitization or encoding.

Recommendations For versions prior to 2.0.63, update to version 2.0.63 or later to resolve the issue. As a temporary workaround, consider implementing proper input sanitization and encoding to prevent user-controlled input from being injected into the web application’s response.