CVE-2025-61309

MEDIUM

GmbH Mecury Managed Print Services (docuForm) 11.11c - Reflected Cross-Site Scripting in dfm-menu_departments.php

Title source: llm

Description

A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_departments.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value.

References (3)

Core 3

Core References

https://www.docuform.de/

https://ZeroBreach.de

https://gist.github.com/ZeroBreach-GmbH/5b9fcd360e5a4d61523210ac8fcfca73

Scores

CVSS v3 6.1

EPSS 0.0024

EPSS Percentile 14.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-79

Status published

Published May 11, 2026

Tracked Since May 11, 2026