{"vulnerability": "CVE-2025-6131", "sightings": [{"uuid": "ae137072-3cb9-40a6-9aaa-4272dcdfa094", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-6131", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lrqqtfoo2h25", "content": "", "creation_timestamp": "2025-06-16T19:49:48.166897Z"}, {"uuid": "ec8c6eff-4474-4c1e-9f09-3c38de4628d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-61319", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3m2zlw3z4mz2p", "content": "", "creation_timestamp": "2025-10-12T21:02:42.877272Z"}, {"uuid": "742ed038-60f7-4c90-afce-e67c78279ea0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-61319", "type": "published-proof-of-concept", "source": "Telegram/TFgIrRyFVdmt-_iXx8f0LX8Ka84NvNMzkX0RvLq3uNFE64w", "content": "", "creation_timestamp": "2025-10-10T03:00:06.000000Z"}, {"uuid": "e40135c4-db9a-40c7-9863-630275634a20", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-6131", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/18484", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-6131\n\ud83d\udd25 CVSS Score: 4.8 (cvssV4_0, Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P)\n\ud83d\udd39 Description: A vulnerability, which was classified as problematic, was found in CodeAstro Food Ordering System 1.0. Affected is an unknown function of the file /admin/store/edit/ of the component POST Request Parameter Handler. The manipulation of the argument Restaurant Name/Address leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.\n\ud83d\udccf Published: 2025-06-16T17:00:15.848Z\n\ud83d\udccf Modified: 2025-06-16T17:00:15.848Z\n\ud83d\udd17 References:\n1. https://vuldb.com/?id.312600\n2. https://vuldb.com/?ctiid.312600\n3. https://vuldb.com/?submit.592780\n4. https://github.com/Vanshdhawan188/Food-Ordering-System-in-PHP-CodeIgniter-/blob/main/Stored%20Cross-Site%20Scripting%20(XSS).md\n5. https://codeastro.com/", "creation_timestamp": "2025-06-16T17:37:59.000000Z"}, {"uuid": "abd57841-ea7b-40f2-9768-eb56b752430d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-61310", "type": "seen", "source": "https://gist.github.com/ZeroBreach-GmbH/9d68c717a402aab13eb0d4771a08fc79", "content": "##### Description\n\nA stored cross\u2011site scripting (XSS) vulnerability exists in acc-menu\\_billings.php component due to improper neutralization of user\u2011controllable input before it is embedded into dynamically generated web pages. An authenticated attacker can inject arbitrary JavaScript code that is stored by the application and later rendered unsafely in the browser of other users.\n\n##### Details\n\n*   **Product:** docuForm FSM Server\n*   **Affected Versions:** 11.11c\n*   **Vulnerability Type:** CWE\u201179: Improper Neutralization of Input During Web Page Generation (\u201cCross\u2011site Scripting\u201d)\n*   **Risk Level:** High - CVSS 3.1: 7.3 (AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N)\n*   **Vendor URL:** www.docuform.de\n*   **Vendor acknowledged vulnerability:** Yes\n*   **CVE:** CVE-2025-61310\n\n##### Impact\n\nAn attacker can exploit this vulnerability to inject and store malicious scripts within the application's data store, which are executed in the context of other users' sessions when the affected page is rendered. Successful exploitation facilitates the theft of sensitive session identifiers or personal user information, potentially leading to unauthorized account takeover, performance of unintended actions on behalf of the victim, or the modification of application.\n\n##### References\n\n*   [National Vulnerability Database CVE-2025-61310](https://nvd.nist.gov/vuln/detail/CVE-2025-61310)\n*   [ZeroBreach GmbH - CVE-2025-61310](https://zerobreach.de/blog/security-advisories/CVE-2025-61310.html)\n\n##### Timeline\n\n*   **2025-10:** Vulnerability reported to the vendor.\n*   **2025-11:** Vendor published a fix for the issue.\n*   **2026-04:** Information about the vulnerability is published.\n\n##### Credits\n\n*   Bastian Recktenwald ([Bastian.Recktenwald@ZeroBreach.de](mailto:Bastian.Recktenwald@ZeroBreach.de))", "creation_timestamp": "2026-05-05T14:58:24.000000Z"}, {"uuid": "f4a29147-bb98-435d-8492-44eaeb27e3d9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-61311", "type": "seen", "source": "https://gist.github.com/ZeroBreach-GmbH/424005738e819e14c724feb9c7c5f40b", "content": "##### Description\n\nA stored cross\u2011site scripting (XSS) vulnerability exists in dfm-menu\\_alerts.php component due to improper neutralization of user\u2011controllable input before it is embedded into dynamically generated web pages. An authenticated attacker can inject arbitrary JavaScript code that is stored by the application and later rendered unsafely in the browser of other users.\n\n##### Details\n\n*   **Product:** docuForm FSM Server\n*   **Affected Versions:** 11.11c\n*   **Vulnerability Type:** CWE\u201179: Improper Neutralization of Input During Web Page Generation (\u201cCross\u2011site Scripting\u201d)\n*   **Risk Level:** High - CVSS 3.1: 7.3 (AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N)\n*   **Vendor URL:** www.docuform.de\n*   **Vendor acknowledged vulnerability:** Yes\n*   **CVE:** CVE-2025-61311\n\n##### Impact\n\nAn attacker can exploit this vulnerability to inject and store malicious scripts within the application's data store, which are executed in the context of other users' sessions when the affected page is rendered. Successful exploitation facilitates the theft of sensitive session identifiers or personal user information, potentially leading to unauthorized account takeover, performance of unintended actions on behalf of the victim, or the modification of application.\n\n##### References\n\n*   [National Vulnerability Database CVE-2025-61311](https://nvd.nist.gov/vuln/detail/CVE-2025-61311)\n*   [ZeroBreach GmbH - CVE-2025-61311](https://zerobreach.de/blog/security-advisories/CVE-2025-61311.html)\n\n##### Timeline\n\n*   **2025-10:** Vulnerability reported to the vendor.\n*   **2025-11:** Vendor published a fix for the issue.\n*   **2026-04:** Information about the vulnerability is published.\n\n##### Credits\n\n*   Bastian Recktenwald ([Bastian.Recktenwald@ZeroBreach.de](mailto:Bastian.Recktenwald@ZeroBreach.de))", "creation_timestamp": "2026-05-05T15:00:32.000000Z"}, {"uuid": "cb4a6260-138d-4039-8ef9-9d3b4d17f6e8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-61312", "type": "seen", "source": "https://gist.github.com/ZeroBreach-GmbH/c970fab734432e6f9bc39b2d20f96e5c", "content": "##### Description\n\nA stored cross\u2011site scripting (XSS) vulnerability exists in acc-menu\\_pricess.php component due to improper neutralization of user\u2011controllable input before it is embedded into dynamically generated web pages. An authenticated attacker can inject arbitrary JavaScript code that is stored by the application and later rendered unsafely in the browser of other users.\n\n##### Details\n\n*   **Product:** docuForm FSM Server\n*   **Affected Versions:** 11.11c\n*   **Vulnerability Type:** CWE\u201179: Improper Neutralization of Input During Web Page Generation (\u201cCross\u2011site Scripting\u201d)\n*   **Risk Level:** High - CVSS 3.1: 7.3 (AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N)\n*   **Vendor URL:** www.docuform.de\n*   **Vendor acknowledged vulnerability:** Yes\n*   **CVE:** CVE-2025-61312\n\n##### Impact\n\nAn attacker can exploit this vulnerability to inject and store malicious scripts within the application's data store, which are executed in the context of other users' sessions when the affected page is rendered. Successful exploitation facilitates the theft of sensitive session identifiers or personal user information, potentially leading to unauthorized account takeover, performance of unintended actions on behalf of the victim, or the modification of application.\n\n##### References\n\n*   [National Vulnerability Database CVE-2025-61312](https://nvd.nist.gov/vuln/detail/CVE-2025-61312)\n*   [ZeroBreach GmbH - CVE-2025-61312](https://zerobreach.de/blog/security-advisories/CVE-2025-61312.html)\n\n##### Timeline\n\n*   **2025-10:** Vulnerability reported to the vendor.\n*   **2025-11:** Vendor published a fix for the issue.\n*   **2026-04:** Information about the vulnerability is published.\n\n##### Credits\n\n*   Bastian Recktenwald ([Bastian.Recktenwald@ZeroBreach.de](mailto:Bastian.Recktenwald@ZeroBreach.de))", "creation_timestamp": "2026-05-05T15:04:42.000000Z"}, {"uuid": "7941f5c9-f6c4-407f-afe8-9b2b9d9f684f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-61313", "type": "seen", "source": "https://gist.github.com/ZeroBreach-GmbH/be236a28ffa81c06b915c2a642bff0a5", "content": "##### Description\n\nA stored cross\u2011site scripting (XSS) vulnerability exists in dfm-menu\\_markeralerts.php component due to improper neutralization of user\u2011controllable input before it is embedded into dynamically generated web pages. An authenticated attacker can inject arbitrary JavaScript code that is stored by the application and later rendered unsafely in the browser of other users.\n\n##### Details\n\n*   **Product:** docuForm FSM Server\n*   **Affected Versions:** 11.11c\n*   **Vulnerability Type:** CWE\u201179: Improper Neutralization of Input During Web Page Generation (\u201cCross\u2011site Scripting\u201d)\n*   **Risk Level:** High - CVSS 3.1: 7.3 (AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N)\n*   **Vendor URL:** www.docuform.de\n*   **Vendor acknowledged vulnerability:** Yes\n*   **CVE:** CVE-2025-61313\n\n##### Impact\n\nAn attacker can exploit this vulnerability to inject and store malicious scripts within the application's data store, which are executed in the context of other users' sessions when the affected page is rendered. Successful exploitation facilitates the theft of sensitive session identifiers or personal user information, potentially leading to unauthorized account takeover, performance of unintended actions on behalf of the victim, or the modification of application.\n\n##### References\n\n*   [National Vulnerability Database CVE-2025-61313](https://nvd.nist.gov/vuln/detail/CVE-2025-61313)\n*   [ZeroBreach GmbH - CVE-2025-61313](https://zerobreach.de/blog/security-advisories/CVE-2025-61313.html)\n\n##### Timeline\n\n*   **2025-10:** Vulnerability reported to the vendor.\n*   **2025-11:** Vendor published a fix for the issue.\n*   **2026-04:** Information about the vulnerability is published.\n\n##### Credits\n\n*   Bastian Recktenwald ([Bastian.Recktenwald@ZeroBreach.de](mailto:Bastian.Recktenwald@ZeroBreach.de))", "creation_timestamp": "2026-05-05T15:07:24.000000Z"}, {"uuid": "94ac7aa3-ef2d-45b0-a9c9-cfa49e44c5cb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-61314", "type": "seen", "source": "https://gist.github.com/ZeroBreach-GmbH/4386b61523d784d2ffc674299ed02d51", "content": "##### Description\n\nA stored cross\u2011site scripting (XSS) vulnerability exists in dfm-menu\\_orderopt.php component due to improper neutralization of user\u2011controllable input before it is embedded into dynamically generated web pages. An authenticated attacker can inject arbitrary JavaScript code that is stored by the application and later rendered unsafely in the browser of other users.\n\n##### Details\n\n*   **Product:** docuForm FSM Server\n*   **Affected Versions:** 11.11c\n*   **Vulnerability Type:** CWE\u201179: Improper Neutralization of Input During Web Page Generation (\u201cCross\u2011site Scripting\u201d)\n*   **Risk Level:** High - CVSS 3.1: 7.3 (AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N)\n*   **Vendor URL:** www.docuform.de\n*   **Vendor acknowledged vulnerability:** Yes\n*   **CVE:** CVE-2025-61314\n\n##### Impact\n\nAn attacker can exploit this vulnerability to inject and store malicious scripts within the application's data store, which are executed in the context of other users' sessions when the affected page is rendered. Successful exploitation facilitates the theft of sensitive session identifiers or personal user information, potentially leading to unauthorized account takeover, performance of unintended actions on behalf of the victim, or the modification of application.\n\n##### References\n\n*   [National Vulnerability Database CVE-2025-61314](https://nvd.nist.gov/vuln/detail/CVE-2025-61314)\n*   [ZeroBreach GmbH - CVE-2025-61314](https://zerobreach.de/blog/security-advisories/CVE-2025-61314.html)\n\n##### Timeline\n\n*   **2025-10:** Vulnerability reported to the vendor.\n*   **2025-11:** Vendor published a fix for the issue.\n*   **2026-04:** Information about the vulnerability is published.\n\n##### Credits\n\n*   Bastian Recktenwald ([Bastian.Recktenwald@ZeroBreach.de](mailto:Bastian.Recktenwald@ZeroBreach.de))", "creation_timestamp": "2026-05-05T15:08:56.000000Z"}, {"uuid": "8c4a9714-bf99-4f6d-ac87-c09240db2897", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-61315", "type": "seen", "source": "https://gist.github.com/ZeroBreach-GmbH/3ac4a5a17de616a8fa346d604fd34c68", "content": "##### Description\n\nA stored cross\u2011site scripting (XSS) vulnerability exists in dfm-menu\\_report.php component due to improper neutralization of user\u2011controllable input before it is embedded into dynamically generated web pages. An authenticated attacker can inject arbitrary JavaScript code that is stored by the application and later rendered unsafely in the browser of other users.\n\n##### Details\n\n*   **Product:** docuForm FSM Server\n*   **Affected Versions:** 11.11c\n*   **Vulnerability Type:** CWE\u201179: Improper Neutralization of Input During Web Page Generation (\u201cCross\u2011site Scripting\u201d)\n*   **Risk Level:** High - CVSS 3.1: 7.3 (AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N)\n*   **Vendor URL:** www.docuform.de\n*   **Vendor acknowledged vulnerability:** Yes\n*   **CVE:** CVE-2025-61315\n\n##### Impact\n\nAn attacker can exploit this vulnerability to inject and store malicious scripts within the application's data store, which are executed in the context of other users' sessions when the affected page is rendered. Successful exploitation facilitates the theft of sensitive session identifiers or personal user information, potentially leading to unauthorized account takeover, performance of unintended actions on behalf of the victim, or the modification of application.\n\n##### References\n\n*   [National Vulnerability Database CVE-2025-61315](https://nvd.nist.gov/vuln/detail/CVE-2025-61315)\n*   [ZeroBreach GmbH - CVE-2025-61315](https://zerobreach.de/blog/security-advisories/CVE-2025-61315.html)\n\n##### Timeline\n\n*   **2025-10:** Vulnerability reported to the vendor.\n*   **2025-11:** Vendor published a fix for the issue.\n*   **2026-04:** Information about the vulnerability is published.\n\n##### Credits\n\n*   Bastian Recktenwald ([Bastian.Recktenwald@ZeroBreach.de](mailto:Bastian.Recktenwald@ZeroBreach.de))", "creation_timestamp": "2026-05-05T15:10:01.000000Z"}]}