CNNVD-202509-3962 Information
CNNVD ID
CNNVD-202509-3962
Related CVE
- CNNVD Published: 2025-09-25
Description (Chinese)
Monkeytype是Monkeytype开源的一种简约且可定制的打字测试。 Monkeytype 25.36.0及之前版本存在安全漏洞,该漏洞源于加载保存的自定义文本时对用户输入处理不当,可能导致跨站脚本攻击。
Description (English)
Monkeytype is a simple, customized typing test for Monkeytype ’ s open source. There is a security loophole in Monkeytype 25.36.0 and earlier versions, which arises from the inappropriate handling of user input when loading the custom text stored, which may result in a cross-site script attack.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Monkeytype
Published
2025-09-25
Last Modified
2026-02-24
References
https://github.com/monkeytypegame/monkeytype/security/advisories/GHSA-j4xx-fww5-774w https://github.com/monkeytypegame/monkeytype/commit/f025b121cbe437e29de432b4aa72e0de22c755b7 https://github.com/monkeytypegame/monkeytype/releases/tag/v25.44.0 https://access.redhat.com/security/cve/cve-2025-59838
Patch
https://github.com/monkeytypegame/monkeytype/releases
Share on: