CVE-2025-61312

HIGH

GmbH Mecury Managed Print Services 11.11c - XSS

Title source: llm

Description

A reflected cross-site scripted (XSS) vulnerability in the acc-menu_pricess.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value.

References (3)

Core 3

Core References

https://www.docuform.de/

https://ZeroBreach.de

https://gist.github.com/ZeroBreach-GmbH/c970fab734432e6f9bc39b2d20f96e5c

Scores

CVSS v3 7.3

EPSS 0.0029

EPSS Percentile 20.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-79

Status published

Published May 11, 2026

Tracked Since May 11, 2026