CVE-2025-40695 is a stored Cross-Site Scripting (XSS) vulnerability identified in version 1.2 of the PHPGurukul Online Fire Reporting System (OFRS). The vulnerability arises due to improper neutralization of user input during web page generation, specifically in the parameters 'remark', 'status', and 'takeaction' submitted via POST requests to the '/ofrs/admin/request-details.php' endpoint. Because these inputs are not properly validated or sanitized, an authenticated attacker can inject malicious scripts that are stored on the server and later executed in the browsers of other authenticated users who view the affected pages. This stored XSS can be exploited remotely without requiring elevated privileges beyond authentication and does not require user interaction beyond viewing the malicious content. The primary impact of this vulnerability is the potential theft of session cookies, which could lead to session hijacking, unauthorized access, and further compromise of user accounts within the system. The CVSS 4.0 base score of 5.1 reflects a medium severity, considering the attack vector is network-based, the attack complexity is low, no privileges beyond authentication are required, and user interaction is needed only to view the malicious content. No known public exploits are reported at this time, and no patches have been published yet. The vulnerability is categorized under CWE-79, which covers improper neutralization of input leading to XSS attacks.

For European organizations using the PHPGurukul Online Fire Reporting System, this vulnerability poses a significant risk to the confidentiality and integrity of user sessions and data. Fire reporting systems are critical for emergency response coordination and public safety; compromise of such systems could lead to unauthorized access to sensitive incident reports, manipulation of fire incident data, or disruption of emergency workflows. The theft of session cookies via XSS could allow attackers to impersonate legitimate users, potentially including administrators, leading to unauthorized modifications or data exfiltration. Additionally, exploitation could facilitate further attacks within the network, such as lateral movement or privilege escalation. Given the critical nature of fire reporting systems, any compromise could undermine trust in emergency services and impact public safety operations. The medium severity rating suggests that while the vulnerability is exploitable, the requirement for authentication and user interaction somewhat limits the attack surface. However, in environments where multiple users access the system, the risk of exploitation remains notable.

To mitigate this vulnerability, organizations should implement strict input validation and output encoding on all user-supplied data, especially the 'remark', 'status', and 'takeaction' parameters. Employing context-aware output encoding (e.g., HTML entity encoding) before rendering user inputs in web pages is critical to prevent script execution. Additionally, adopting Content Security Policy (CSP) headers can help restrict the execution of unauthorized scripts. Since no official patch is currently available, organizations should consider deploying Web Application Firewalls (WAFs) with rules to detect and block XSS payloads targeting the vulnerable endpoint. Enforcing least privilege access controls and monitoring user activities for anomalous behavior can reduce the impact of compromised accounts. Regular security training for users to recognize suspicious links or inputs can also help mitigate social engineering aspects. Finally, organizations should maintain up-to-date backups and prepare incident response plans to quickly address any exploitation attempts once patches become available.