CVE-2025-66563

Exploit

EPSS 0.05%
Veröffentlicht 04.12.2025 22:34:10
Zuletzt bearbeitet 17.12.2025 16:12:09
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Monkeytype is a minimalistic and customizable typing test. In 25.49.0 and earlier, there is improper handling of user input which allows an attacker to execute malicious javascript on anyone viewing a malicious quote submission. quote.text and quote.source are user input, and they're inserted straight into the DOM. If they contain HTML tags, they will be rendered (after some escaping using quotes and textarea tags).

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Monkeytype ≫ Monkeytype Version <= 25.49.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.163

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
security-advisories@github.com	7.1	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://github.com/monkeytypegame/monkeytype/security/advisories/GHSA-mfjh-9552-8g27

Vendor Advisory

Exploit

https://github.com/monkeytypegame/monkeytype/commit/d6d062a77132ba7d6ba3b482d46ae329d3b8d695

Patch

https://nvd.nist.gov/vuln/detail/CVE-2025-66563

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-66563

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-66563

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-66563