Monkeytype

2 CVEs product


CVE-2025-66563 MEDIUM POC PATCH This Month

Monkeytype is a minimalistic and customizable typing test. In 25.49.0 and earlier, improper handling of user input allows an attacker to execute malicious JavaScript in the browser of anyone viewing a malicious quote submission. quote.text and quote.source are user input, and they are inserted straight into the DOM. If they contain HTML tags, they will be rendered (after some escaping using quotes and textarea tags).

XSS Monkeytype
NVD GitHub
CVSS 3.1: 6.1
EPSS: 0.1%
CVE-2025-59838 LOW POC PATCH Monitor

Monkeytype is a minimalistic and customizable typing test. This vulnerability is rated low severity (CVSS 2.4) and has low attack complexity. Public exploit code is available.

XSS Monkeytype
NVD GitHub
CVSS 4.0: 2.4
EPSS: 0.0%
