CVE-2025-61305

A reflected cross-site scripted XSS vulnerability in the dfm-menufirmware.php component of GmbH Mecury Managed Print Services docuForm v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value...

CVE-2025-61307

A reflected cross-site scripted XSS vulnerability in the acc-menupapers.php component of GmbH Mecury Managed Print Services docuForm v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value...

CVE-2025-65416

CVE-2025-65416 affects docuFORM Managed Print Service Client 11.11c. The vulnerability is an arbitrary file upload via pmupdate.php, with an underlying impact to confidentiality, integrity and availability evaluated as Low (C/L/I/L) per CVSS 3.1 (base score 6.3, MEDIUM). Exploitation would requir...

CVE-2025-61314

CVE-2025-61314 describes a reflected XSS in the dfm-menu_orderopt.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c. The vulnerability allows an attacker to inject a crafted payload into an unfiltered variable value, causing arbitrary Javascript execution in the context of an...

CVE-2025-61308

CVE-2025-61308 describes a reflected XSS in the dfm-menu_maintenance.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c. The underlying issue is an unfiltered variable value that allows attackers to inject arbitrary JavaScript, executed in a user’s browser context. The CVSS 3....

CVE-2025-61307

CVE-2025-61307 describes a reflected XSS in the acc-menu_papers.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c. The vulnerability allows attackers to inject arbitrary Javascript into a user’s browser by crafting a payload into an unfiltered variable value. Documents specif...

CVE-2025-61306

The CVE-2025-61306 vulnerability is a reflected XSS in the dfm-menu_coveragealerts.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c. The issue arises from injecting a crafted payload into an unfiltered variable value, allowing an attacker to execute arbitrary JavaScript in a...

CVE-2025-65418

CVE-2025-65418 affects docuFORM Managed Print Service Client 11.11c. It is a directory traversal vulnerability that allows reading arbitrary files via a crafted URL. The CVSSv3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) yields a base score of 7.5 (HIGH). Multiple connected sources corroborate...

CVE-2025-61306

A reflected cross-site scripted XSS vulnerability in the dfm-menucoveragealerts.php component of GmbH Mecury Managed Print Services docuForm v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable valu...

CVE-2025-65418

docuFORM Managed Print Service Client 11.11c is vulnerable to a directory traversal allowing attackers to read arbitrary files via crafted url...

CVE-2025-65418

docuFORM Managed Print Service Client 11.11c is vulnerable to a directory traversal allowing attackers to read arbitrary files via crafted url...

CVE-2025-61305

A reflected cross-site scripted XSS vulnerability in the dfm-menufirmware.php component of GmbH Mecury Managed Print Services docuForm v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value...

PT-2026-39611

Name of the Vulnerable Software and Affected Versions docuForm version 11.11c Description A reflected cross-site scripting XSS issue exists in the 'dfm-menu orderopt.php' component. This allows attackers to execute arbitrary JavaScript in a user's browser by injecting a crafted payload into an...

PT-2026-39602

A reflected cross-site scripted XSS vulnerability in the dfm-menu firmware.php component of GmbH Mecury Managed Print Services docuForm v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value...

CVE-2025-61311

A reflected cross-site scripted XSS vulnerability in the dfm-menualerts.php component of GmbH Mecury Managed Print Services docuForm v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value...

CVE-2025-65416

docuFORM Managed Print Service Client 11.11c is vulnerable to arbitrary file upload via pmupdate.php...

CVE-2025-65415

docuFORM Managed Print Service Client 11.11c is vulnerable to a session fixation attack via the login page of the application...

PT-2026-39606

A reflected cross-site scripted XSS vulnerability in the dfm-menu departments.php component of GmbH Mecury Managed Print Services docuForm v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value...

CVE-2025-61310

A reflected cross-site scripted XSS vulnerability in the acc-menubillings.php component of GmbH Mecury Managed Print Services docuForm v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value...

CVE-2025-61309

A reflected cross-site scripted XSS vulnerability in the dfm-menudepartments.php component of GmbH Mecury Managed Print Services docuForm v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value...