https://vulnerability.circl.lu/sightings/feedMost recent sightings.2026-05-06T07:56:18.975916+00:00Vulnerability-Lookupinfo@circl.lupython-feedgenContains only the most 10 recent sightings.https://vulnerability.circl.lu/sighting/8c4a9714-bf99-4f6d-ac87-c09240db2897/export8c4a9714-bf99-4f6d-ac87-c09240db28972026-05-06T07:56:19.332155+00:00Automation userhttp://cve.circl.lu/user/automation{"uuid": "8c4a9714-bf99-4f6d-ac87-c09240db2897", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-61315", "type": "seen", "source": "https://gist.github.com/ZeroBreach-GmbH/3ac4a5a17de616a8fa346d604fd34c68", "content": "##### Description\n\nA stored cross\u2011site scripting (XSS) vulnerability exists in dfm-menu\\_report.php component due to improper neutralization of user\u2011controllable input before it is embedded into dynamically generated web pages. An authenticated attacker can inject arbitrary JavaScript code that is stored by the application and later rendered unsafely in the browser of other users.\n\n##### Details\n\n* **Product:** docuForm FSM Server\n* **Affected Versions:** 11.11c\n* **Vulnerability Type:** CWE\u201179: Improper Neutralization of Input During Web Page Generation (\u201cCross\u2011site Scripting\u201d)\n* **Risk Level:** High - CVSS 3.1: 7.3 (AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N)\n* **Vendor URL:** www.docuform.de\n* **Vendor acknowledged vulnerability:** Yes\n* **CVE:** CVE-2025-61315\n\n##### Impact\n\nAn attacker can exploit this vulnerability to inject and store malicious scripts within the application's data store, which are executed in the context of other users' sessions when the affected page is rendered. Successful exploitation facilitates the theft of sensitive session identifiers or personal user information, potentially leading to unauthorized account takeover, performance of unintended actions on behalf of the victim, or the modification of application.\n\n##### References\n\n* [National Vulnerability Database CVE-2025-61315](https://nvd.nist.gov/vuln/detail/CVE-2025-61315)\n* [ZeroBreach GmbH - CVE-2025-61315](https://zerobreach.de/blog/security-advisories/CVE-2025-61315.html)\n\n##### Timeline\n\n* **2025-10:** Vulnerability reported to the vendor.\n* **2025-11:** Vendor published a fix for the issue.\n* **2026-04:** Information about the vulnerability is published.\n\n##### Credits\n\n* Bastian Recktenwald ([Bastian.Recktenwald@ZeroBreach.de](mailto:Bastian.Recktenwald@ZeroBreach.de))", "creation_timestamp": "2026-05-05T15:10:01.000000Z"}2026-05-05T15:10:01+00:00