CVE-2025-61307

MEDIUM

GmbH Mecury Managed Print Services 11.11c - XSS

Title source: llm

Description

A reflected cross-site scripted (XSS) vulnerability in the acc-menu_papers.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value.

References (3)

Core 3

Core References

https://www.docuform.de/

https://ZeroBreach.de

https://gist.github.com/ZeroBreach-GmbH/dd7e6b6a0598a85ba564af8fe3b8619c

Scores

CVSS v3 6.1

EPSS 0.0024

EPSS Percentile 14.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Published May 11, 2026

Tracked Since May 11, 2026