docuForm Mecury Print Hit by XSS

A reflected cross-site scripting flaw (CVE-2025-61305) has been disclosed in docuForm's Mecury Managed Print Services v11.11c, specifically in the dfm-menu_firmware.php component. Attackers can craft malicious links that execute arbitrary JavaScript in a victim's browser, potentially hijacking sessions or stealing data from users of the print management system. Administrators should restrict access to the management interface and watch for a vendor patch.