PT-2025-37179 · Unknown · Online Fire Reporting System

Rafael Pedrero · Published 2025-09-11 · Updated 2025-09-12 · CVE-2025-40695

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Online Fire Reporting System version 1.2
Description: The Online Fire Reporting System contains a stored cross-site scripting (XSS) issue. The lack of proper validation of user inputs for the remark, status, and takeaction parameters via POST requests at the /ofrs/admin/request-details.php endpoint allows a remote user to send a specially crafted query to an authenticated user and potentially steal cookie session details.
Recommendations: Apply appropriate input validation and sanitization techniques to the remark, status, and takeaction parameters in the /ofrs/admin/request-details.php endpoint.
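
One way to apply this recommendation, as an added example that is not code from Online Fire Reporting System: validate the three POST fields on input and HTML-encode them every time they are rendered. The helper names, the status allowlist, the length limit and the sample input are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Assumed workflow states; the advisory does not list the application's real values.
const ALLOWED_STATUS = ['new', 'in_progress', 'closed'];
const MAX_TEXT_BYTES = 500; // assumed limit for free-text fields

/** Encode a value for an HTML text or quoted-attribute context. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Validate the three fields named in the advisory; returns [clean, errors]. */
function validate_update(array $post): array
{
    $clean = [];
    $errors = [];

    // status is a fixed choice, so only exact allowlist matches are accepted.
    $status = $post['status'] ?? null;
    if (is_string($status) && in_array($status, ALLOWED_STATUS, true)) {
        $clean['status'] = $status;
    } else {
        $errors[] = 'status';
    }

    foreach (['remark', 'takeaction'] as $field) {
        $value = $post[$field] ?? null;
        // Reject arrays (remark[]=...), over-long text and control characters.
        if (!is_string($value)
            || strlen($value) > MAX_TEXT_BYTES
            || preg_match('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/', $value) === 1) {
            $errors[] = $field;
            continue;
        }
        $clean[$field] = trim($value);
    }
    return [$clean, $errors];
}

// Constructed sample POST body with markup in a free-text field.
$post = ['status' => 'closed', 'remark' => '<script>alert(1)</script>', 'takeaction' => 'Unit "A" sent'];
[$clean, $errors] = validate_update($post);
if ($errors !== []) {
    http_response_code(400);
    exit('Invalid field(s): ' . e(implode(', ', $errors)));
}
// Store $clean with a prepared statement, then encode on every render:
echo '<td>' . e($clean['remark']) . '</td>', PHP_EOL;
echo '<input name="takeaction" value="' . e($clean['takeaction']) . '">', PHP_EOL;
```

The free-text fields pass validation with markup intact; it is the encoding at output that renders the stored value inert in the admin page.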

Fix

XSS

Weakness Enumeration

Related Identifiers: CVE-2025-40695

Affected Products: Online Fire Reporting System