CVE-2025-59838

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-59838

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-59838.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-59838

Aliases

GHSA-j4xx-fww5-774w

Published

2025-09-25T14:52:16.612Z

Modified

2026-04-10T05:32:13.856181Z

Severity

2.4 (Low) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N CVSS Calculator

Summary

Monkeytype Vulnerable to Self-XSS on loading saved custom text

Details

Monkeytype is a minimalistic and customizable typing test. In versions 25.36.0 and prior, improper handling of user input when loading a saved custom text results in XSS. This issue has been fixed in version 25.44.0.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/59xxx/CVE-2025-59838.json",
    "cwe_ids": [
        "CWE-79"
    ],
    "cna_assigner": "GitHub_M"
}

References

Affected packages

Git / github.com/monkeytypegame/monkeytype

Affected ranges

Type: GIT
Repo: https://github.com/monkeytypegame/monkeytype
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

b9c4e4616ea11615ab1db1bc16f7708111cc2b33

Affected versions

v1.*

v1.10.1

v1.10.2

v1.10.3

v1.11

v1.11.1

v1.11.2

v1.11.3

v1.12

v1.12.1

v1.12.2

v1.12.3

v1.13

v1.13.1

v1.13.2

v1.13.3

v1.13.4

v1.14

v1.14.1

v1.14.3

v1.14.4

v1.15

v1.15.1

v1.15.2

v1.15.3

v1.16

v1.16.1

v1.16.2

v1.17

v1.17.1

v1.17.10

v1.17.11

v1.17.12

v1.17.13

v1.17.14

v1.17.2

v1.17.3

v1.17.4

v1.17.5

v1.17.6

v1.17.7

v1.17.8

v1.17.9

v1.2.1

v1.2.2

v1.2.3

v1.2.4

v1.2.5

v1.2.6

v1.2.7

v1.2.8

v1.3

v1.3.1

v1.3.10

v1.3.2

v1.3.3

v1.3.4

v1.3.5

v1.3.6

v1.3.7

v1.3.8

v1.3.9

v1.4

v1.4.1

v1.4.10

v1.4.11

v1.4.12

v1.4.13

v1.4.14

v1.4.15

v1.4.16

v1.4.17

v1.4.18

v1.4.19

v1.4.2

v1.4.20

v1.4.21

v1.4.22

v1.4.23

v1.4.24

v1.4.25

v1.4.3

v1.4.4

v1.4.5

v1.4.6

v1.4.7

v1.4.8

v1.4.9

v1.5

v1.5.0

v1.5.1

v1.5.2

v1.5.3

v1.5.4

v1.5.5

v1.5.6

v1.5.7

v1.5.8

v1.6

v1.6.1

v1.6.10

v1.6.2

v1.6.3

v1.6.4

v1.6.5

v1.6.6

v1.6.8

v1.6.9

v1.7

v1.7.1

v1.7.10

v1.7.11

v1.7.2

v1.7.3

v1.7.4

v1.7.5

v1.7.6

v1.7.7

v1.7.8

v1.7.9

v1.8

v1.8.1

v1.8.2

v1.8.3

v1.8.4

v1.8.5

v1.9.1

v1.9.2

v1.9.3

v1.9.4

v1.9.5

v23.*

v23.40.1

v23.41.0

v23.42.0

v23.43.0

v23.43.1

v23.45.0

v23.46.0

v23.46.1

v23.47.0

v23.48.0

v23.51.0

v24.*

v24.11.0

v24.11.1

v24.11.2

v24.11.3

v24.12.0

v24.12.1

v24.14.0

v24.14.1

v24.15.0

v24.15.1

v24.17.0

v24.17.1

v24.17.2

v24.17.3

v24.17.4

v24.17.5

v24.18.0

v24.18.1

v24.19.0

v24.2.0

v24.20.0

v24.20.1

v24.21.0

v24.21.1

v24.22.0

v24.24.0

v24.25.0

v24.27.0

v24.28.0

v24.29.0

v24.3.0

v24.30.0

v24.31.1

v24.31.2

v24.31.3

v24.32.0

v24.33.0

v24.34.0

v24.36.0

v24.37.0

v24.38.0

v24.39.0

v24.4.0

v24.4.1

v24.42.0

v24.47.0

v24.49.0

v24.5.0

v24.5.1

v24.5.2

v24.52.0

v24.6.0

v24.6.1

v24.6.2

v24.7.0

v24.9.1

v25.*

v25.10.0

v25.13.0

v25.16.0

v25.16.1

v25.18.0

v25.19.0

v25.2.0

v25.22.0

v25.27.0

v25.3.0

v25.30.0

v25.31.0

v25.32.0

v25.35.0

v25.36.0

v25.6.0

v25.7.0

v25.8.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-59838.json"