CVE-2025-61314
Reflected XSS in docuForm Mercury Managed Print Services
Publication date: 2026-05-11
Last updated on: 2026-05-11
Assigner: MITRE
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gmbh_mecury | docuform | up to and including 11.11c |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The vulnerability allows attackers to execute arbitrary JavaScript in users' browsers, potentially leading to theft of sensitive session data and unauthorized account takeover.
Such unauthorized access and data theft can result in violations of data protection regulations like GDPR and HIPAA, which mandate the protection of personal and sensitive information.
Therefore, exploitation of this vulnerability could compromise compliance with these standards by exposing user data to attackers.
Can you explain this vulnerability to me?
CVE-2025-61314 is a cross-site scripting (XSS) vulnerability in the dfm-menu_orderopt.php component of GmbH Mecury Managed Print Services (docuForm) version 11.11c.
This vulnerability allows attackers to inject arbitrary JavaScript code by exploiting improper neutralization of user-controllable input. The injected code can be executed in the context of a user's browser.
Specifically, authenticated attackers can inject malicious scripts that are stored and later executed when other users load the affected page.
How can this vulnerability impact me?
The vulnerability can lead to serious security impacts including:
- Theft of sensitive session data from users.
- Unauthorized account takeover by attackers.
- Unintended actions performed on behalf of victims without their consent.
What immediate steps should I take to mitigate this vulnerability?
The vendor has acknowledged the issue and released a fix in November 2025. The immediate step to mitigate this vulnerability is to apply the vendor's patch or update to docuForm FSM Server version 11.11c that addresses the XSS vulnerability in the dfm-menu_orderopt.php component.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability is a reflected cross-site scripting (XSS) issue in the dfm-menu_orderopt.php component of docuForm FSM Server version 11.11c. Detection typically involves testing the affected URL or parameter for improper input sanitization by injecting crafted JavaScript payloads and observing if they are executed in the browser.
A common approach is to use tools like curl or browser-based testing to send payloads to the vulnerable parameter and check for reflected scripts.
- Use curl to send a test payload to the vulnerable parameter, for example: `curl -i "http://target/docuform/dfm-menu_orderopt.php?param=<script>alert(1)</script>"`
- Use a browser or proxy tool (like Burp Suite) to inject JavaScript payloads into the parameter and observe if the script executes or is reflected unescaped.
- Check server responses for the presence of injected script tags or JavaScript code in the HTML content.
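The detection steps above are active tests against the application. A complementary, passive check for defenders is to review web server access logs for requests to the affected script whose query parameters carry HTML tags, event-handler attributes or script URIs after URL decoding. The script below is an added example written for this page; it is not part of the CVE record or of the vendor's product. The log lines are constructed for illustration, the deployment path `/docuform/dfm-menu_orderopt.php` is an assumption (adjust it to your install), and the parameter name `opt` is a placeholder, since the record does not name the vulnerable parameter.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Constructed sample access-log lines (combined log format) for illustration only.
SAMPLE_LOG = """\
203.0.113.5 - - [11/May/2026:10:01:02 +0000] "GET /docuform/dfm-menu_orderopt.php?opt=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [11/May/2026:10:02:15 +0000] "GET /docuform/dfm-menu_orderopt.php?opt=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 5210 "-" "Mozilla/5.0"
198.51.100.7 - - [11/May/2026:10:03:44 +0000] "GET /docuform/index.php HTTP/1.1" 200 2048 "-" "curl/8.0"
203.0.113.9 - - [11/May/2026:10:04:01 +0000] "GET /docuform/dfm-menu_orderopt.php?opt=%22%20onmouseover%3Dalert(1)%20x%3D%22 HTTP/1.1" 200 5230 "-" "Mozilla/5.0"
"""

# Combined log format: client IP, timestamp, request line, status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Markers that do not belong in a legitimate value: an HTML tag start,
# an on* event-handler attribute, or a javascript: URI.
SUSPICIOUS = re.compile(r'<\s*/?\s*[a-z]|on[a-z]+\s*=|javascript\s*:', re.IGNORECASE)

# Assumed path of the affected component; change to match your deployment.
AFFECTED_PATH = '/docuform/dfm-menu_orderopt.php'


def parse_line(line):
    """Parse one access-log line into a dict with decoded query parameters, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    parts = urlsplit(rec['target'])
    rec['path'] = parts.path
    # parse_qs decodes once; a second unquote_plus catches double-encoded payloads.
    rec['params'] = {
        name: [unquote_plus(v) for v in values]
        for name, values in parse_qs(parts.query, keep_blank_values=True).items()
    }
    return rec


def find_xss_attempts(log_text, path=AFFECTED_PATH):
    """Return one record per query parameter value that looks like an XSS probe
    against `path`. Each record carries client IP, timestamp, parameter name,
    decoded value and the server's status code."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec['path'] != path:
            continue
        for name, values in rec['params'].items():
            for value in values:
                if SUSPICIOUS.search(value):
                    hits.append({
                        'ip': rec['ip'],
                        'ts': rec['ts'],
                        'param': name,
                        'value': value,
                        'status': rec['status'],
                    })
    return hits


if __name__ == '__main__':
    for h in find_xss_attempts(SAMPLE_LOG):
        print(f"{h['ts']} {h['ip']} param={h['param']} status={h['status']} value={h['value']!r}")
```

Run it against a real log with `find_xss_attempts(open('access.log').read())`. A hit with status 200 on an unpatched host is worth triaging as a probable exploitation attempt; after the vendor fix is applied the same records still identify which clients were probing the parameter and when.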