CVE-2025-61314

Name of the Vulnerable Software and Affected Versions docuForm version 11.11c

Description A reflected cross-site scripting (XSS) issue exists in the 'dfm-menu orderopt.php' component. This allows attackers to execute arbitrary JavaScript in a user's browser by injecting a crafted payload into an unfiltered variable value.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.