CVE-2025-65417
Description
docuFORM Managed Print Service Client 11.11c is vulnerable to a reflected cross-site scripting attack via the login page of the application.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
docuFORM Managed Print Service Client 11.11c is vulnerable to reflected XSS via unsanitized input in the login page, allowing script injection.
Vulnerability Overview
A reflected cross-site scripting (XSS) vulnerability exists in the login page of docuFORM Managed Print Service Client version 11.11c. The application fails to properly sanitize user-supplied input before reflecting it in the HTTP response, allowing an attacker to inject arbitrary JavaScript code. This issue is classified as CWE-79 and was reported by security researcher Bastian Recktenwald of ZeroBreach GmbH [2].
Exploitation
Exploitation requires the attacker to craft a malicious URL containing the XSS payload. The victim must click on this link, which can be delivered via phishing or other social engineering methods. No authentication is needed, as the vulnerability exists on the login page. The attacker does not need any special network position; the attack is performed over the network with low complexity [2].
Impact
Successful exploitation allows the attacker to execute scripts in the victim's browser context with the privileges of the application. This can lead to session hijacking by stealing cookies, theft of sensitive data such as credentials or personal information, unauthorized actions performed on behalf of the user, or redirection to malicious sites for malware distribution [2].
Mitigation
The vendor acknowledged the vulnerability and published a fix in November 2025. Users are advised to update to the latest version of docuFORM Managed Print Service Client to remediate the issue. The information about the vulnerability was publicly disclosed in April 2026 [2].
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
- Range: = 11.11c
Patches: 0
No patches discovered yet.
References: 3
News mentions: 0
No linked articles in our index yet.