CVE-2025-61307
Reflected XSS in Mecury Managed Print Services
Publication date: 2026-05-11
Last updated on: 2026-05-11
Assigner: MITRE
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gmbh_mecury | docuform | 11.11c |
| gmbh_mecury | docuform_fsm_server | 11.11c |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-61307 is a cross-site scripting (XSS) vulnerability found in the acc-menu_papers.php component of GmbH Mecury Managed Print Services (docuForm) version 11.11c. It allows attackers to inject arbitrary JavaScript code into an unfiltered variable, which then executes in the context of a user's browser.
This vulnerability arises due to improper neutralization of user-controllable input, enabling an attacker to craft a payload that runs malicious scripts when a user accesses the affected page.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The reflected cross-site scripting (XSS) vulnerability in GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary JavaScript in users' browsers, potentially leading to theft of sensitive session data or personal information.
Such unauthorized access and exposure of personal data can lead to non-compliance with data protection regulations like GDPR and HIPAA, which require safeguarding personal and sensitive information against unauthorized access and breaches.
Therefore, this vulnerability poses a risk to compliance by potentially enabling data breaches and unauthorized actions that violate these standards' requirements for data confidentiality and integrity.
How can this vulnerability impact me?
The vulnerability can lead to the execution of arbitrary JavaScript in a user's browser, which may result in theft of sensitive session data or personal information. Possible consequences include:
- Unauthorized account takeover
- Unintended actions performed on behalf of victims
- Modifications to the application
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves identifying the presence of the vulnerable component and testing for reflected or stored cross-site scripting (XSS) in the acc-menu_papers.php or dfm-menu_papers.php pages of the GmbH Mecury docuForm FSM Server version 11.11c.
One approach is to manually test the affected URL by injecting common XSS payloads into input parameters and observing if the payload is reflected or stored and executed in the browser.
Example commands using curl to test for reflected XSS might include:
- `curl -i "http://target/docuform/acc-menu_papers.php?param=<script>alert('XSS')</script>"`
- `curl -i "http://target/dfm-menu_papers.php?param=<script>alert('XSS')</script>"`
Additionally, using automated web vulnerability scanners that support XSS detection can help identify this issue.
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to apply the vendor-provided patch or update released in November 2025 that fixes this vulnerability in docuForm FSM Server version 11.11c.
Until the patch can be applied, consider implementing input validation and output encoding on the affected parameters to prevent injection of malicious scripts.
Additionally, restrict access to the vulnerable component to trusted users only, and monitor logs for suspicious activity that might indicate exploitation attempts.
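The detection answer above says to check the two named pages for reflected script payloads, and the mitigation answer says to monitor logs for exploitation attempts. The following Python script is an added example (not part of this record and not vendor code) that does the log-monitoring half: it parses web-server access-log lines in combined log format, keeps only requests to acc-menu_papers.php or dfm-menu_papers.php, URL-decodes each query parameter (repeatedly, so double-encoded values are normalised) and flags values containing script-injection markers. The sample log lines, the IP addresses and the `param` parameter name are constructed for illustration; the marker list is an assumption, a starting point rather than a complete signature set.

```python
import re
from urllib.parse import unquote_plus, urlsplit, parse_qsl

# Constructed sample access-log lines (combined log format); not from any real system.
SAMPLE_LOG = """\
203.0.113.7 - - [11/May/2026:10:01:02 +0000] "GET /docuform/acc-menu_papers.php?param=A4 HTTP/1.1" 200 1843 "-" "Mozilla/5.0"
203.0.113.9 - - [11/May/2026:10:01:09 +0000] "GET /docuform/acc-menu_papers.php?param=%3Cscript%3Ealert%28%27XSS%27%29%3C%2Fscript%3E HTTP/1.1" 200 1902 "-" "curl/8.5.0"
203.0.113.9 - - [11/May/2026:10:01:15 +0000] "GET /dfm-menu_papers.php?param=%253Cscript%253E HTTP/1.1" 200 1780 "-" "curl/8.5.0"
198.51.100.4 - - [11/May/2026:10:02:00 +0000] "GET /docuform/index.php?q=%3Cscript%3E HTTP/1.1" 404 210 "-" "Mozilla/5.0"
198.51.100.5 - - [11/May/2026:10:02:30 +0000] "POST /docuform/acc-menu_papers.php HTTP/1.1" 200 1700 "-" "Mozilla/5.0"
"""

# Pages named in the advisory text; matched on the final path segment only,
# because the deployment prefix (e.g. /docuform/) varies between installations.
VULNERABLE_PAGES = {"acc-menu_papers.php", "dfm-menu_papers.php"}

# Assumed indicator list: markers that point to script injection once the
# query value has been decoded. Extend to taste; this is not exhaustive.
SCRIPT_MARKERS = re.compile(
    r"<\s*script|javascript\s*:|\bon[a-z]+\s*=|<\s*img|<\s*svg|<\s*iframe",
    re.IGNORECASE,
)

# Combined log format: client, identity, user, [timestamp] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)


def fully_decode(value, rounds=3):
    """URL-decode repeatedly (bounded) so double-encoded payloads are normalised."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_xss_attempts(log_text):
    """Return one record per query parameter on a vulnerable page that carries a script marker."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line we understand; skip rather than guess
        parts = urlsplit(m.group("target"))
        page = parts.path.rsplit("/", 1)[-1]
        if page not in VULNERABLE_PAGES:
            continue
        # parse_qsl performs one round of decoding; fully_decode handles the rest.
        for name, raw in parse_qsl(parts.query, keep_blank_values=True):
            decoded = fully_decode(raw)
            if SCRIPT_MARKERS.search(decoded):
                hits.append({
                    "ip": m.group("ip"),
                    "timestamp": m.group("ts"),
                    "page": page,
                    "parameter": name,
                    "decoded_value": decoded,
                    "status": int(m.group("status")),
                })
    return hits


if __name__ == "__main__":
    for hit in find_xss_attempts(SAMPLE_LOG):
        print(f"{hit['timestamp']} {hit['ip']} -> {hit['page']} "
              f"{hit['parameter']}={hit['decoded_value']!r} (HTTP {hit['status']})")
```

A hit only shows that someone sent a script-like value to the affected page; it does not confirm the payload was reflected, so the response status and the surrounding requests from the same client should be reviewed before escalating. Note that on the sample data the index.php request carrying a `<script>` tag is deliberately ignored: the filter is scoped to the pages this record names, which keeps the output focused when the same indicators would otherwise fire across the whole site.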