Search
Search Results (18 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-51926 | 1 Docuform | 1 Client | 2026-07-13 | 7.5 High |
| An issue in docuForm GmbH FSM Client v.11.11c allows a remote attacker to obtain sensitive information via the login.php component. A vulnerability was identified in the authentication mechanism that allows user enumeration through the login interface. An attacker can differentiate between valid and invalid usernames based on variations in server responses. This information can be leveraged to identify existing accounts and facilitate further attacks, including brute-force or credential stuffing. | ||||
| CVE-2026-51925 | 1 Docuform | 1 Client | 2026-07-12 | 8.1 High |
| A Local File Inclusion (LFI) vulnerability exists in docuForm GmbH Client v.11.11c that allows a remote attacker to execute arbitrary code via the dfm-menu_report.php component. Attackers can exploit this flaw to read arbitrary files on the server, including sensitive configuration files, source code or system files. | ||||
| CVE-2026-51923 | 1 Docuform | 1 Client | 2026-07-12 | 8.1 High |
| An Insecure Direct Object Reference (IDOR) vulnerability exists in docuForm GmbH Client v.11.11c allowing a remote attacker to execute arbitrary code via the user settings component, and modify or retrieve sensitive data associated with other users’ accounts. | ||||
| CVE-2026-51924 | 1 Docuform | 1 Client | 2026-07-12 | 8.1 High |
| An issue in docuForm GmbH Client v.11.11c allows a remote attacker to execute arbitrary code via the file upload and report.php component | ||||
| CVE-2025-65418 | 1 Docuform | 1 Docuform | 2026-05-12 | 7.5 High |
| docuFORM Managed Print Service Client 11.11c is vulnerable to a directory traversal allowing attackers to read arbitrary files via crafted url. | ||||
| CVE-2025-61313 | 1 Docuform | 1 Docuform | 2026-05-12 | 7.3 High |
| A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_markeralerts.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value. | ||||
| CVE-2025-61305 | 1 Docuform | 1 Docuform | 2026-05-12 | 6.1 Medium |
| A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_firmware.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value. | ||||
| CVE-2025-61306 | 1 Docuform | 1 Docuform | 2026-05-12 | 6.1 Medium |
| A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_coveragealerts.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value. | ||||
| CVE-2025-61307 | 1 Docuform | 1 Docuform | 2026-05-12 | 6.1 Medium |
| A reflected cross-site scripted (XSS) vulnerability in the acc-menu_papers.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value. | ||||
| CVE-2025-61308 | 1 Docuform | 1 Docuform | 2026-05-12 | 6.1 Medium |
| A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_maintenance.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value. | ||||
| CVE-2025-61309 | 1 Docuform | 1 Docuform | 2026-05-12 | 6.1 Medium |
| A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_departments.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value. | ||||
| CVE-2025-61310 | 1 Docuform | 1 Docuform | 2026-05-12 | 6.1 Medium |
| A reflected cross-site scripted (XSS) vulnerability in the acc-menu_billings.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value. | ||||
| CVE-2025-61311 | 1 Docuform | 1 Docuform | 2026-05-12 | 7.3 High |
| A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_alerts.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value. | ||||
| CVE-2025-61312 | 1 Docuform | 1 Docuform | 2026-05-12 | 7.3 High |
| A reflected cross-site scripted (XSS) vulnerability in the acc-menu_pricess.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value. | ||||
| CVE-2025-61314 | 1 Docuform | 1 Docuform | 2026-05-12 | 7.3 High |
| A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_orderopt.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c allows attackers to execute arbitrary Javascript in the context of a user's browser via injecting a crafted payload into an unfiltered variable value. | ||||
| CVE-2025-65415 | 1 Docuform | 1 Docuform | 2026-05-12 | 5.4 Medium |
| docuFORM Managed Print Service Client 11.11c is vulnerable to a session fixation attack via the login page of the application. | ||||
| CVE-2025-65416 | 1 Docuform | 1 Docuform | 2026-05-12 | 6.3 Medium |
| docuFORM Managed Print Service Client 11.11c is vulnerable to arbitrary file upload via pmupdate.php. | ||||
| CVE-2025-65417 | 1 Docuform | 1 Docuform | 2026-05-12 | 6.1 Medium |
| docuFORM Managed Print Service Client 11.11c is vulnerable to a reflected cross site scripting attack via the login page of the application. | ||||
Page 1 of 1.