CVE-2025-61307
Reflected XSS in Mecury Managed Print Services

Publication date: 2026-05-11

Last updated on: 2026-05-11

Assigner: MITRE

Description
A reflected cross-site scripting (XSS) vulnerability in the acc-menu_papers.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary JavaScript in the context of a user's browser by injecting a crafted payload into an unfiltered variable value.
Meta Information
Published: 2026-05-11
Last Modified: 2026-05-11
Generated: 2026-05-11
AI Q&A: 2026-05-11
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
gmbh_mecury docuform 11.11c
gmbh_mecury docuform_fsm_server 11.11c
CWE ID: CWE-UNKNOWN
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-61307 is a cross-site scripting (XSS) vulnerability found in the acc-menu_papers.php component of GmbH Mecury Managed Print Services (docuForm) version 11.11c. It allows attackers to inject arbitrary JavaScript code into an unfiltered variable, which then executes in the context of a user's browser.

This vulnerability arises due to improper neutralization of user-controllable input, enabling an attacker to craft a payload that runs malicious scripts when a user accesses the affected page.


How can this vulnerability impact me?

The vulnerability can lead to the execution of arbitrary JavaScript in a user's browser, which may result in theft of sensitive session data or personal information. Other possible consequences include:

  • Unauthorized account takeover
  • Unintended actions performed on behalf of victims
  • Modifications to the application

How can this vulnerability be detected on my network or system? Can you suggest some commands?

Detection of this vulnerability involves identifying the presence of the vulnerable component and testing for reflected or stored cross-site scripting (XSS) in the acc-menu_papers.php or dfm-menu_papers.php pages of the GmbH Mecury docuForm FSM Server version 11.11c.

One approach is to manually test the affected URL by injecting common XSS payloads into input parameters and observing whether the payload is reflected or stored and then executed in the browser.

Example commands using curl to test for reflected XSS might include:

  • curl -i "http://target/docuform/acc-menu_papers.php?param=<script>alert('XSS')</script>"
  • curl -i "http://target/dfm-menu_papers.php?param=<script>alert('XSS')</script>"

Additionally, using automated web vulnerability scanners that support XSS detection can help identify this issue.


What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation step is to apply the vendor-provided patch or update released in November 2025 that fixes this vulnerability in docuForm FSM Server version 11.11c.

Until the patch can be applied, consider implementing input validation and output encoding on the affected parameters to prevent injection of malicious scripts.

Additionally, restrict access to the vulnerable component to trusted users only, and monitor logs for suspicious activity that might indicate exploitation attempts.
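
The log monitoring suggested above, as an added example (not code from the vendor or from this page): it scans web server access log lines for requests to the two components named here whose parameters decode to HTML or script markup, including values that were percent-encoded more than once. The combined log format, the parameter names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Components named on this page, matched on the last path segment.
WATCHED = {"acc-menu_papers.php", "dfm-menu_papers.php"}
# Request part of a common/combined-format access log line (assumed format).
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Tag openers, inline event handlers and script URLs.
MARKUP_RE = re.compile(r"<\s*/?\s*[a-z!]|\bon[a-z]+\s*=|javascript\s*:", re.I)

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding (e.g. %253C -> %3C -> <)."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(lines):
    """Return (client, path, parameter) for watched requests carrying markup."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        client, target = m.groups()
        url = urlsplit(target)
        if url.path.rsplit("/", 1)[-1].lower() not in WATCHED:
            continue
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if MARKUP_RE.search(fully_decode(value)):
                hits.append((client, url.path, name))
    return hits

# Constructed sample lines: documentation IP ranges, hypothetical parameter names.
SAMPLE = [
    '198.51.100.7 - - [12/May/2026:09:14:02 +0000] "GET /docuform/acc-menu_papers.php?view=list HTTP/1.1" 200 5120',
    '203.0.113.9 - - [12/May/2026:09:15:40 +0000] "GET /docuform/acc-menu_papers.php?view=%3Cscript%3E1%3C/script%3E HTTP/1.1" 200 5188',
    '203.0.113.44 - - [12/May/2026:09:16:11 +0000] "GET /dfm-menu_papers.php?tab=%253Cimg%2520src%253Dx%2520onerror%253D1%253E HTTP/1.1" 200 5201',
    '198.51.100.7 - - [12/May/2026:09:17:30 +0000] "GET /docuform/index.php?q=%3Cb%3E HTTP/1.1" 200 830',
]

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE):
        print(hit)
```

A hit shows only that markup was sent to the component, not that it was reflected; correlate hits with the patch status of the server that handled the request.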

