docuForm Mercury Managed Print Services Reflected Cross-Site Scripting Vulnerability

A reflected cross-site scripting vulnerability has been identified in the dfm-menu_markeralerts.php component of docuForm Mercury Managed Print Services version 11.11c. This vulnerability allows attackers to execute arbitrary JavaScript in the context of a user's browser by injecting a crafted payload into an unfiltered variable. The issue arises from improper neutralization of user-controllable input before it is embedded in dynamically generated web pages.

Impact

Exploitation of this vulnerability allows for the injection and execution of malicious scripts in the affected user's browser. This could lead to the theft of sensitive information such as session identifiers or personal user data, potentially allowing for unauthorized account access or actions on behalf of the user.