PT-2025-37180 · Unknown · Online Fire Reporting System

Rafael Pedrero · Published 2025-09-11 · Updated 2025-09-12 · CVE-2025-40696

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Online Fire Reporting System version 1.2
Description: The Online Fire Reporting System contains a stored cross-site scripting issue. The vulnerability is due to insufficient validation of user input in the fullname, location, and message parameters sent via POST requests to the /ofrs/reporting.php endpoint. This could allow a remote user to send a crafted query to an authenticated user and potentially steal session cookie details.
Recommendations: Ensure proper validation of the fullname, location, and message parameters in the /ofrs/reporting.php endpoint to prevent the injection of malicious scripts.
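
One way to apply this recommendation, as an added example that is not the application's own code: validate the three POST fields on input and, going one step beyond the advisory's wording, HTML-encode them wherever they are rendered. The field limits, allow-list patterns, function names and sample input are assumptions, and the mbstring extension is assumed to be enabled.

```php
<?php
declare(strict_types=1);
// Hypothetical limits; the advisory does not state the real field constraints.
const FIELD_RULES = [
    'fullname' => ['max' => 100,  'pattern' => '/^[\p{L}\p{M} .\'-]+$/u'],
    'location' => ['max' => 200,  'pattern' => '/^[\p{L}\p{M}\p{N} .,#\/\'-]+$/u'],
    'message'  => ['max' => 2000, 'pattern' => null], // free text: length check only
];

/** Returns [cleanValues, errors] for the three parameters named in the advisory. */
function validate_report(array $post): array
{
    $clean = $errors = [];
    foreach (FIELD_RULES as $name => $rule) {
        $value = $post[$name] ?? null;
        if (!is_string($value) || !mb_check_encoding($value, 'UTF-8')) {
            $errors[$name] = 'missing or not valid UTF-8';
            continue;
        }
        $value = trim($value);
        if ($value === '' || mb_strlen($value, 'UTF-8') > $rule['max']) {
            $errors[$name] = 'empty or too long';
        } elseif ($rule['pattern'] !== null && preg_match($rule['pattern'], $value) !== 1) {
            $errors[$name] = 'contains characters outside the allow-list';
        } else {
            $clean[$name] = $value;
        }
    }
    return [$clean, $errors];
}
/** Output encoding for an HTML text or quoted-attribute context. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample input standing in for $_POST on /ofrs/reporting.php.
$sample = [
    'fullname' => 'Ana Ruiz',
    'location' => '12 Harbour Rd, Unit #4',
    'message'  => 'Smoke from <b>2nd floor</b> & "rear" stairwell',
];
[$clean, $errors] = validate_report($sample);
if ($errors !== []) {
    http_response_code(400);
    exit('Invalid report');
}
// Store $clean as submitted, then encode at render time so markup is shown as text.
echo '<td>' . h($clean['message']) . '</td>', PHP_EOL;
```

The free-text message field cannot be constrained to a safe character set, so the encoding in h() at render time is what keeps stored markup from executing in the viewer's browser.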

XSS

Related Identifiers: CVE-2025-40696

Affected Products: Online Fire Reporting System