CVE-2025-61311
Received - Intake
Reflected XSS in docuForm Mercury Managed Print Services

Publication date: 2026-05-11

Last updated on: 2026-05-11

Assigner: MITRE

Description
A reflected cross-site scripting (XSS) vulnerability in the dfm-menu_alerts.php component of GmbH Mercury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary JavaScript in the context of a user's browser by injecting a crafted payload into an unfiltered variable value.
Meta Information
Published: 2026-05-11
Last Modified: 2026-05-11
Generated: 2026-05-11
AI Q&A: 2026-05-11
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
gmbh_mecury docuform 11.11c
Exploitability
CWE ID: CWE-UNKNOWN
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-61311 is a cross-site scripting (XSS) vulnerability in the dfm-menu_alerts.php component of GmbH Mercury Managed Print Services (docuForm) version 11.11c. It occurs because the application does not properly neutralize user-controllable input, allowing an attacker to inject arbitrary JavaScript code.

This injected code can be executed in the context of a user's browser, potentially leading to unauthorized actions or data theft.


How can this vulnerability impact me?

The vulnerability allows an attacker to execute arbitrary JavaScript in other users' browsers, which can lead to the theft of sensitive session data or personal information.

This can enable unauthorized account access or cause users to perform unintended actions within the application.

Overall, it poses a high risk to the confidentiality and integrity of user data.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

Detection of this reflected cross-site scripting (XSS) vulnerability involves testing the dfm-menu_alerts.php component for improper input neutralization by injecting crafted JavaScript payloads into input fields or URL parameters and observing if the payload is executed in the browser context.

Common detection methods include using web vulnerability scanners that support XSS detection or manual testing with tools like curl or browser developer consoles.

  • Use curl to send a crafted payload to the vulnerable endpoint, for example: curl -i -X GET 'http://target/docuform/dfm-menu_alerts.php?param=<script>alert(1)</script>'
  • Observe the response in a browser or via developer tools to see if the script executes or is reflected unescaped.
  • Use automated scanners such as OWASP ZAP or Burp Suite to scan the dfm-menu_alerts.php page for XSS vulnerabilities.

What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include applying the vendor-provided patch released in November 2025 that fixes the XSS vulnerability in the dfm-menu_alerts.php component.

If patching is not immediately possible, implement input validation and output encoding on the affected parameters to prevent execution of injected scripts.

Additionally, restrict access to the vulnerable component to trusted users only and monitor for suspicious activity.

Educate users to avoid clicking on suspicious links that might exploit this vulnerability.

