Search Results (18 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-51926 1 Docuform 1 Client 2026-07-13 7.5 High
An issue in docuForm GmbH FSM Client v.11.11c allows a remote attacker to obtain sensitive information via the login.php component. A vulnerability was identified in the authentication mechanism that allows user enumeration through the login interface. An attacker can differentiate between valid and invalid usernames based on variations in server responses. This information can be leveraged to identify existing accounts and facilitate further attacks, including brute-force or credential stuffing.
CVE-2026-51925 1 Docuform 1 Client 2026-07-12 8.1 High
A Local File Inclusion (LFI) vulnerability exists in docuForm GmbH Client v.11.11c that allows a remote attacker to execute arbitrary code via the dfm-menu_report.php component. Attackers can exploit this flaw to read arbitrary files on the server, including sensitive configuration files, source code or system files.
CVE-2026-51923 1 Docuform 1 Client 2026-07-12 8.1 High
An Insecure Direct Object Reference (IDOR) vulnerability exists in docuForm GmbH Client v.11.11c allowing a remote attacker to execute arbitrary code via the user settings component, and modify or retrieve sensitive data associated with other users’ accounts.
CVE-2026-51924 1 Docuform 1 Client 2026-07-12 8.1 High
An issue in docuForm GmbH Client v.11.11c allows a remote attacker to execute arbitrary code via the file upload and report.php component
CVE-2025-65418 1 Docuform 1 Docuform 2026-05-12 7.5 High
docuFORM Managed Print Service Client 11.11c is vulnerable to a directory traversal allowing attackers to read arbitrary files via crafted url.
CVE-2025-61313 1 Docuform 1 Docuform 2026-05-12 7.3 High
A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_markeralerts.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value.
CVE-2025-61305 1 Docuform 1 Docuform 2026-05-12 6.1 Medium
A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_firmware.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value.
CVE-2025-61306 1 Docuform 1 Docuform 2026-05-12 6.1 Medium
A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_coveragealerts.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value.
CVE-2025-61307 1 Docuform 1 Docuform 2026-05-12 6.1 Medium
A reflected cross-site scripted (XSS) vulnerability in the acc-menu_papers.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value.
CVE-2025-61308 1 Docuform 1 Docuform 2026-05-12 6.1 Medium
A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_maintenance.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value.
CVE-2025-61309 1 Docuform 1 Docuform 2026-05-12 6.1 Medium
A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_departments.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value.
CVE-2025-61310 1 Docuform 1 Docuform 2026-05-12 6.1 Medium
A reflected cross-site scripted (XSS) vulnerability in the acc-menu_billings.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value.
CVE-2025-61311 1 Docuform 1 Docuform 2026-05-12 7.3 High
A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_alerts.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value.
CVE-2025-61312 1 Docuform 1 Docuform 2026-05-12 7.3 High
A reflected cross-site scripted (XSS) vulnerability in the acc-menu_pricess.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value.
CVE-2025-61314 1 Docuform 1 Docuform 2026-05-12 7.3 High
A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_orderopt.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value.
CVE-2025-65415 1 Docuform 1 Docuform 2026-05-12 5.4 Medium
docuFORM Managed Print Service Client 11.11c is vulnerable to a session fixation attack via the login page of the application.
CVE-2025-65416 1 Docuform 1 Docuform 2026-05-12 6.3 Medium
docuFORM Managed Print Service Client 11.11c is vulnerable to arbitrary file upload via pmupdate.php.
CVE-2025-65417 1 Docuform 1 Docuform 2026-05-12 6.1 Medium
docuFORM Managed Print Service Client 11.11c is vulnerable to a reflected cross site scripting attack via the login page of the application.