Stored Cross-Site Scripting in SourceCodester FAQ Management System
CVE-2025-57425

6.1MEDIUM

Key Information:

Vendor: SourceCodester
Status: FAQ Management System
Vendor: CVE Published:; 26 August 2025

🔔 Create SourceCodester Vulnerability Alert

What is CVE-2025-57425?

The SourceCodester FAQ Management System 1.0 contains a Stored Cross-Site Scripting vulnerability that enables an authenticated attacker to inject malicious JavaScript into the 'question' and 'answer' fields. This occurs via the update-faq.php endpoint, potentially leading to unauthorized actions or data manipulation within the application when other users interact with the compromised content.

References

https://gist.github.com/progprnv/10110b20469e4ae02aa1c9bf...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 26, 2025
Vulnerability Reserved
Aug 17, 2025