CNNVD-202512-426 Information
CNNVD ID
CNNVD-202512-426
Related CVE
- CNNVD Published: 2025-12-04
Description (Chinese)
Monkeytype是Monkeytype开源的一种简约且可定制的打字测试。 Monkeytype 25.49.0及之前版本存在跨站脚本漏洞,该漏洞源于对用户输入处理不当,可能导致查看恶意引用提交时执行恶意JavaScript。
Description (English)
Monkeytype is a simple, customized typing test for Monkeytype ’ s open source. Monkeytype 25.49.0 and previous versions had a cross-site script loophole, which stemmed from the inappropriate handling of user input and could lead to the viewing of malicious references for the performance of malicious JavaScript.
Hazard Level
High
Vulnerability Type
跨站脚本
Affected Vendor
Monkeytype
Published
2025-12-04
Last Modified
2026-02-24
References
https://github.com/monkeytypegame/monkeytype/commit/d6d062a77132ba7d6ba3b482d46ae329d3b8d695 https://github.com/monkeytypegame/monkeytype/security/advisories/GHSA-mfjh-9552-8g27 https://access.redhat.com/security/cve/cve-2025-66563
Patch
https://github.com/monkeytypegame/monkeytype/releases
Share on: