CVE-2025-40693
Vulnerability Description
Stored Cross Site Scripting in Online Fire Reporting System v1.2 by PHPGurukul, that consists in a reflected and stored authenticated XSS due to the lack of propper validation of user inputs 'tname' parameter via GET and, 'teamleadname', 'teammember' and 'teamname'
parameters via POST at the endpoint '/ofrs/admin/edit-team.php'. This vulnerability could allow a remote user to send a specially crafted query to an authenticated user and steal its cookie session details.
parameters via POST at the endpoint '/ofrs/admin/edit-team.php'. This vulnerability could allow a remote user to send a specially crafted query to an authenticated user and steal its cookie session details.
Vulnerability Details
Published Date
Last Modified
Source
NVD
Discussion (0)
Add Comment
No comments yet. Be the first!