CVE-2025-65417
Received Received - Intake
Reflected XSS in docuFORM Managed Print Service Client

Publication date: 2026-05-11

Last updated on: 2026-05-11

Assigner: MITRE

Description
docuFORM Managed Print Service Client 11.11c is vulnerable to a reflected cross site scripting attack via the login page of the application.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-11
Last Modified
2026-05-11
Generated
2026-06-21
AI Q&A
2026-05-11
EPSS Evaluated
2026-06-19
NVD
CVE-2025-65417
EUVD
EUVD-2025-209776
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
docuform managed_print_service_client to 11.11c (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The reflected cross-site scripting (XSS) vulnerability in docuFORM Managed Print Service Client 11.11c can lead to unauthorized access to sensitive data such as credentials or personal information by attackers. This exposure of personal data could potentially result in non-compliance with data protection regulations like GDPR and HIPAA, which require safeguarding personal and sensitive information against unauthorized access and breaches.

Successful exploitation of this vulnerability may allow attackers to hijack user sessions or execute unauthorized actions, increasing the risk of data breaches and unauthorized data processing, which are critical compliance concerns under these regulations.

Executive Summary

CVE-2025-65417 is a reflected cross-site scripting (XSS) vulnerability affecting the docuForm Managed Print Service Client version 11.11c. It occurs because the application does not properly sanitize user input on its login page, allowing attackers to inject and execute arbitrary JavaScript code in the victim's browser.

Impact Analysis

Exploitation of this vulnerability can have serious impacts including session hijacking by stealing cookies, theft of sensitive data such as credentials or personal information, execution of unauthorized actions on behalf of the user, and redirecting users to malicious websites that may distribute malware.

Detection Guidance

This vulnerability is a reflected cross-site scripting (XSS) issue in the login page of the docuFORM Managed Print Service Client 11.11c. Detection typically involves testing the login page for unsanitized input reflection.

You can detect this vulnerability by sending crafted HTTP requests with typical XSS payloads to the login page and observing if the payload is reflected and executed in the response.

  • Use curl or similar tools to send test payloads, for example: curl -X POST -d 'username=<script>alert(1)</script>&password=test' http://target/login
  • Use browser developer tools or intercepting proxies (like Burp Suite) to inspect the response for reflected scripts.
  • Automated scanners that test for reflected XSS vulnerabilities can also be used against the login page.
Mitigation Strategies

The vendor has released a fix for this vulnerability in November 2025. The immediate step is to update the docuFORM Managed Print Service Client to the fixed version.

Until the update can be applied, consider restricting access to the vulnerable login page to trusted users only or via network controls.

Implement web application firewall (WAF) rules to detect and block typical XSS attack patterns targeting the login page.

Educate users about the risks of clicking suspicious links that might exploit this vulnerability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-65417. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart