This vulnerability involves a reflected XSS flaw in the acc-menu_pricess.php component of GmbH Mecury Managed Print Services (docuForm) v11.11c. An attacker can inject malicious JavaScript code via an unfiltered variable, which is then reflected back to the user's browser, enabling script execution in the user's context. The vulnerability is publicly disclosed but lacks CVSS scoring and official remediation guidance. No affected versions beyond v11.11c are specified, and no vendor advisory or patch information is provided.

Successful exploitation could allow an attacker to execute arbitrary JavaScript in the victim's browser session when they access the vulnerable component. This may lead to session hijacking, information disclosure, or other client-side attacks depending on the context. However, no known exploits have been reported, and the specific impact depends on the environment and user interaction.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should consider applying input validation or filtering on the affected component if possible, and restrict access to the vulnerable interface. Monitor vendor communications for updates on patches or mitigations.