CVE-2025-61311

Name of the Vulnerable Software and Affected Versions docuForm version 11.11c

Description A reflected cross-site scripting (XSS) issue exists in the 'dfm-menu alerts.php' component. This allows attackers to execute arbitrary Javascript in a user's browser by injecting a crafted payload into an unfiltered variable value.

Recommendations As a temporary workaround, restrict access to the 'dfm-menu alerts.php' component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.