CVE-2025-61308
Reflected XSS in docuForm Mercury Managed Print Services
Publication date: 2026-05-11
Last updated on: 2026-05-11
Assigner: MITRE
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gmbh_mecury | docuform | 11.11c |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-61308 is a cross-site scripting (XSS) vulnerability in the dfm-menu_maintenance.php component of the docuForm FSM Server software version 11.11c. It allows an attacker to inject arbitrary JavaScript code by exploiting improper neutralization of user-controllable input.
Specifically, an authenticated attacker can inject malicious scripts that are stored by the application and later executed in the browsers of other users who access the affected page.
How can this vulnerability impact me?
This vulnerability can lead to the theft of sensitive session identifiers or personal information from users.
It may result in unauthorized account takeover, unintended actions performed on behalf of the victim, or unauthorized modifications to the application.
Overall, it poses a high risk to user security and application integrity.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves the injection of arbitrary JavaScript code into the dfm-menu_maintenance.php component of the docuForm FSM Server software. Detection typically requires inspecting HTTP requests and responses for suspicious or unfiltered input parameters that may contain JavaScript payloads.
You can use web application security testing tools or manual inspection with commands such as curl or wget to send crafted requests to the vulnerable endpoint and observe the response for reflected or stored scripts.
- Example curl command to test for XSS injection: `curl -i -X GET 'http://target-server/dfm-menu_maintenance.php?param=<script>alert(1)</script>'`
- Use browser developer tools or intercepting proxies (e.g., Burp Suite) to analyze the response and check if the injected script is reflected or stored.
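The detection advice above is about inspecting requests to the affected endpoint for unfiltered script payloads. As an added example that is not part of this CVE record or the vendor's software, the following Python scans combined-format web-server access log lines for requests to `dfm-menu_maintenance.php` whose query parameters, after URL decoding (including double encoding), contain script or event-handler markers. The parameter name is not published, so every parameter is inspected; the log lines are constructed for illustration.

```python
"""Added example: flag access-log requests to the affected endpoint that carry
HTML/JavaScript injection markers. Not vendor code; log lines are constructed."""
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Endpoint named in the CVE description (the vulnerable parameter is not published).
AFFECTED_PATH = "/dfm-menu_maintenance.php"

# Markers that indicate an HTML/JavaScript injection attempt once the value is decoded.
INJECTION_PATTERNS = [
    re.compile(r"<\s*script\b", re.I),
    re.compile(r"\bon[a-z]+\s*=", re.I),          # inline event handlers such as onerror=
    re.compile(r"javascript\s*:", re.I),
    re.compile(r"<\s*(img|svg|iframe|object|embed)\b", re.I),
]

# Apache/Nginx "combined" log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)


def decode_params(target):
    """Return (name, value) pairs of the query string, decoded twice so that
    double-encoded payloads (%253C -> %3C -> <) are still caught."""
    query = urlsplit(target).query
    return [(k, unquote_plus(v)) for k, v in parse_qsl(query, keep_blank_values=True)]


def find_injection(target):
    """Return (param, pattern) for the first suspicious parameter of a request to the
    affected endpoint, or None if the path differs or nothing matches."""
    if urlsplit(target).path.lower() != AFFECTED_PATH:
        return None
    for name, value in decode_params(target):
        for pat in INJECTION_PATTERNS:
            if pat.search(value):
                return name, pat.pattern
    return None


def scan_log(lines):
    """Return (ip, timestamp, param, pattern) for every suspicious log line."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        hit = find_injection(m.group("target"))
        if hit:
            hits.append((m.group("ip"), m.group("ts"), hit[0], hit[1]))
    return hits


# Constructed sample log: one benign request, three injection attempts against the
# affected endpoint (plain, event handler, double-encoded) and one against another page.
SAMPLE_LOG = [
    '10.0.0.5 - - [11/May/2026:10:01:02 +0000] "GET /dfm-menu_maintenance.php?id=12 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [11/May/2026:10:02:15 +0000] "GET /dfm-menu_maintenance.php?name=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 640 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [11/May/2026:10:02:40 +0000] "GET /dfm-menu_maintenance.php?name=%22%20onmouseover%3Dalert(1) HTTP/1.1" 200 640 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [11/May/2026:10:03:01 +0000] "GET /index.php?q=%3Cscript%3E HTTP/1.1" 200 300 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [11/May/2026:10:04:22 +0000] "GET /dfm-menu_maintenance.php?name=%253Cscript%253E HTTP/1.1" 200 640 "-" "curl/8.0"',
]

if __name__ == "__main__":
    for ip, ts, param, pattern in scan_log(SAMPLE_LOG):
        print(f"{ts} {ip} param={param!r} matched {pattern!r}")
```

The event-handler pattern is deliberately broad and will occasionally match harmless values (a parameter whose value starts with a word beginning in "on" followed by "="), so treat hits as triage candidates and correlate by source address and time rather than alerting on a single line.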
What immediate steps should I take to mitigate this vulnerability?
The vendor has released a fix for this vulnerability in November 2025. The immediate step is to apply the vendor-provided patch or update to the docuForm FSM Server software to version 11.11c or later where the issue is resolved.
Until the patch is applied, consider implementing input validation and output encoding on the affected component to prevent execution of injected scripts.
Additionally, restrict access to the vulnerable component to trusted users only and monitor logs for suspicious activity that may indicate exploitation attempts.
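The mitigation above names input validation and output encoding as the interim controls. As an added example that is not the vendor's code, the following Python shows the unsafe pattern that reflects a user-supplied value straight into an HTML page next to its hardened forms: context-aware output encoding for the HTML body and attribute contexts, a JSON literal for a JavaScript context, and an allow-list validator as defence in depth. The function and parameter names (`render_menu_*`, `menu_name`) are hypothetical and do not describe the affected PHP component.

```python
"""Added example: unsafe reflection of a parameter into HTML beside its hardened
forms. Not vendor code; names are hypothetical."""
import html
import json
import re


def render_menu_unsafe(menu_name):
    # Vulnerable pattern: untrusted input concatenated into HTML without encoding,
    # so a value containing quotes or tags breaks out of the attribute and the body.
    return f'<input name="menu" value="{menu_name}"><h2>{menu_name}</h2>'


def render_menu_safe(menu_name):
    # Output encoding for HTML body and quoted-attribute contexts. quote=True also
    # escapes " and ' so the value cannot close the attribute early.
    enc = html.escape(menu_name, quote=True)
    return f'<input name="menu" value="{enc}"><h2>{enc}</h2>'


def render_menu_script_safe(menu_name):
    # A JavaScript context needs a JSON string literal; < and > are additionally
    # escaped so "</script>" inside the value cannot terminate the script block.
    literal = json.dumps(menu_name).replace("<", "\\u003c").replace(">", "\\u003e")
    return f"<script>var menu = {literal};</script>"


MENU_NAME_RE = re.compile(r"[A-Za-z0-9 _-]+")


def validate_menu_name(menu_name, max_len=64):
    """Allow-list validation: letters, digits, space, dash and underscore only.
    Validation narrows the input; output encoding still applies on the way out."""
    if len(menu_name) > max_len or not MENU_NAME_RE.fullmatch(menu_name):
        raise ValueError("invalid menu name")
    return menu_name


if __name__ == "__main__":
    payload = '"><script>alert(1)</script>'   # constructed test value
    print(render_menu_unsafe(payload))
    print(render_menu_safe(payload))
    print(render_menu_script_safe(payload))
```

Encoding must match the context the value lands in: `html.escape` is correct for element content and quoted attributes but not for a value placed inside a `<script>` block, a URL or a CSS rule, each of which needs its own encoder.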