CVE-2025-61309
Status: Received - Intake
Reflected XSS in docuForm Mercury Managed Print Services

Publication date: 2026-05-11

Last updated on: 2026-05-11

Assigner: MITRE

Description
A reflected cross-site scripting (XSS) vulnerability in the dfm-menu_departments.php component of docuForm GmbH Mercury Managed Print Services v11.11c allows attackers to execute arbitrary JavaScript in the context of a user's browser by injecting a crafted payload into an unfiltered variable value.
CVSS Scores
EPSS Scores
Meta Information
Published
2026-05-11
Last Modified
2026-05-11
Generated
2026-05-11
AI Q&A
2026-05-11
EPSS Evaluated
N/A
Affected Vendors & Products
Associated CPE (1):
Vendor: gmbh_mecury
Product: docuform
Version / Range: 11.11c
Helpful Resources
Exploitability
CWE
KEV
CWE ID Description
CWE-UNKNOWN
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-61309 is a cross-site scripting (XSS) vulnerability in the dfm-menu_departments.php component of the docuForm FSM Server software version 11.11c. It allows an attacker to inject arbitrary JavaScript code by exploiting improper neutralization of user input. This injected code can then be executed in the browsers of other users, potentially leading to malicious actions.


How can this vulnerability impact me?

Exploitation of this vulnerability can lead to theft of sensitive session data, unauthorized account takeover, and execution of unintended actions on behalf of affected users. This means attackers could hijack user sessions or perform malicious operations within the context of a victim's browser.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

Detection of this vulnerability involves identifying attempts to inject malicious JavaScript payloads into the dfm-menu_departments.php component of the docuForm FSM Server software. Monitoring HTTP requests for suspicious input patterns targeting this specific PHP component can help detect exploitation attempts.

You can use web server access logs or network traffic inspection tools to look for requests containing suspicious script tags or JavaScript code in parameters passed to dfm-menu_departments.php.

  • Use grep or similar tools to search web server logs for suspicious payloads, e.g.:
    grep -i 'dfm-menu_departments.php' /var/log/apache2/access.log | grep -i '<script>'
  • Use curl or wget to test the endpoint with crafted payloads to see if the input is reflected unsafely. Example curl command to test injection:
    curl -v 'http://target/docuform/dfm-menu_departments.php?param=<script>alert(1)</script>'

What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation step is to apply the vendor-provided patch or update released in November 2025 that fixes this vulnerability in docuForm FSM Server version 11.11c.

Until the patch can be applied, you should implement input validation and output encoding on the dfm-menu_departments.php component to prevent execution of injected JavaScript.

Additionally, consider implementing web application firewall (WAF) rules to block requests containing suspicious script tags or JavaScript payloads targeting this endpoint.

Review user privileges and monitor for unusual account activity that could indicate exploitation attempts.

