CVE-2025-61306
Status: Received - Intake
Reflected XSS in docuForm Mercury Managed Print Services

Publication date: 2026-05-11

Last updated on: 2026-05-11

Assigner: MITRE

Description
A reflected cross-site scripting (XSS) vulnerability in the dfm-menu_coveragealerts.php component of GmbH Mercury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary JavaScript in the context of a user's browser by injecting a crafted payload into an unfiltered variable value.
Meta Information
Generated: 2026-05-11
AI Q&A: 2026-05-11
EPSS Evaluated: N/A
Affected Vendors & Products (1 associated CPE)
Vendor: gmbh_mecury
Product: docuform
Version / Range: 11.11c
CWE ID: CWE-UNKNOWN (no CWE assigned)
AI-Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-61306 is a stored cross-site scripting (XSS) vulnerability in the dfm-menu_coveragealerts.php component of the docuForm FSM Server software version 11.11c.

The vulnerability occurs because the application improperly neutralizes user-controllable input, allowing an authenticated attacker to inject arbitrary JavaScript code.

This malicious code is stored by the application and later rendered unsafely in the browsers of other users, enabling exploitation.


How can this vulnerability impact me?

Successful exploitation of this vulnerability can lead to theft of sensitive session identifiers or personal user information.

Attackers may perform unauthorized account takeover, cause victims to perform unintended actions, or modify the application.

The risk level is high with a CVSS 3.1 score of 7.3, indicating significant potential impact.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability involves the injection of arbitrary JavaScript code into the dfm-menu_coveragealerts.php component of the docuForm FSM Server software. Detection typically requires inspecting HTTP requests and responses for suspicious or unfiltered input in this specific component.

You can use web application security scanning tools or manual testing to detect reflected or stored XSS by sending crafted payloads to the dfm-menu_coveragealerts.php endpoint and observing whether the payload is executed or reflected in the response.

  • Use curl or similar tools to send test payloads, for example: curl -X POST -d "input=<script>alert('XSS')</script>" http://target/docuForm/dfm-menu_coveragealerts.php
  • Use a web proxy tool like Burp Suite to intercept and modify requests to inject JavaScript payloads and monitor responses for execution or reflection.
  • Check server logs and application logs for suspicious input patterns or unexpected script tags in user input fields related to coverage alerts.

What immediate steps should I take to mitigate this vulnerability?

The vendor published a fix for this vulnerability in November 2025. The immediate step is to apply the vendor-provided patch or update to docuForm FSM Server version 11.11c or later that addresses this XSS vulnerability.

Until the patch is applied, consider implementing web application firewall (WAF) rules to block or sanitize suspicious input targeting the dfm-menu_coveragealerts.php component.

Educate users to avoid clicking on suspicious links or inputs that could exploit this vulnerability and monitor for unusual activity that might indicate exploitation attempts.

