CVE-2025-24722 in FAQ Builder AYS Plugin

Summary

by MITRE • 01/24/2025

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in F.A.Q Builder Team FAQ Builder AYS allows Stored XSS. This issue affects FAQ Builder AYS: from n/a through 1.7.3.


Analysis

by VulDB Data Team • 02/08/2025

The vulnerability identified as CVE-2025-24722 represents a critical cross-site scripting flaw within the FAQ Builder AYS web application developed by F.A.Q Builder Team. This weakness manifests as improper neutralization of input during web page generation, creating an environment where malicious script code can be persistently stored and subsequently executed in the context of other users' browsers. The vulnerability specifically impacts versions of the FAQ Builder AYS application ranging from the initial release through version 1.7.3, indicating a potentially widespread exposure across multiple iterations of the software.

The technical nature of this flaw places it firmly within the scope of CWE-79, which defines Cross-Site Scripting as a vulnerability where untrusted data is incorporated into web pages without proper sanitization or encoding. The stored XSS variant means that malicious input is first saved to the application's database or storage system, then later retrieved and displayed to other users without adequate protection mechanisms. This persistent nature makes the vulnerability particularly dangerous as it can affect multiple users over extended periods without requiring repeated exploitation attempts.

From an operational perspective, this vulnerability creates significant risks for organizations utilizing the FAQ Builder AYS application. Attackers can inject malicious scripts that execute in the context of legitimate user sessions, potentially leading to session hijacking, credential theft, or unauthorized access to sensitive information. The stored nature of the vulnerability means that once exploited, the malicious payloads remain active until manually removed from the application's data stores, providing attackers with sustained access to victim systems. This characteristic aligns with ATT&CK technique T1531, which covers the use of malicious scripts to maintain access and exfiltrate data from compromised systems.

The impact extends beyond simple script execution as attackers can leverage this vulnerability to perform actions on behalf of authenticated users, potentially gaining administrative privileges or accessing restricted content. The vulnerability's presence in the web page generation process suggests that any input fields or content management areas within the FAQ Builder interface could serve as attack vectors, including question fields, answer text areas, or user-provided metadata. Organizations relying on this application for customer support or knowledge management systems face potential exposure to data breaches, service disruption, and reputational damage. The vulnerability's classification as stored XSS specifically violates security principles outlined in OWASP Top Ten 2021, categorizing it as a critical risk that requires immediate remediation to prevent exploitation by threat actors. Mitigation strategies should include comprehensive input validation, output encoding, and the implementation of Content Security Policies to prevent unauthorized script execution.

Responsible: Patchstack

Reservation: 01/23/2025

Disclosure: 01/24/2025

Moderation: accepted

CPE: ready

EPSS: 0.00294

KEV: no

Activities: very low
