CVE-2025-61313
Reflected XSS in docuForm Mercury Managed Print Services
Publication date: 2026-05-11
Last updated on: 2026-05-11
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gmbh_mecury | docuform | 11.11c |
| gmbh_mecury | docuform_fsm_server | 11.11c |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-61313 is a stored cross-site scripting (XSS) vulnerability in the dfm-menu_markeralerts.php component of GmbH Mecury Managed Print Services (docuForm) FSM Server version 11.11c.
The vulnerability arises from improper neutralization of user-controllable input, allowing an authenticated attacker to inject arbitrary JavaScript code that is stored and later rendered unsafely in other users' browsers.
How can this vulnerability impact me? :
This vulnerability can lead to the theft of sensitive session data, unauthorized account takeover, or unintended actions performed on behalf of victims.
Because the injected JavaScript runs in the context of other users' browsers, attackers can exploit this to compromise user accounts and data.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability in the dfm-menu_markeralerts.php component of docuForm FSM Server version 11.11c was fixed by the vendor in November 2025.
Immediate mitigation steps include applying the vendor's patch or update that addresses this XSS vulnerability.
Additionally, consider restricting access to the affected component to authenticated and trusted users only, and monitor for suspicious activity related to script injection attempts.