Monkeytype Stored Cross-Site Scripting Vulnerability in Quote Approval Modal

Vulnerability

A stored cross-site scripting vulnerability has been identified in Monkeytype versions through 25.49.0. This issue arises from improper handling of user input in the quote approval modal, allowing an attacker to execute malicious JavaScript in the context of users viewing the quote. The vulnerability is triggered by inserting HTML-containing user input directly into the DOM without adequate sanitization.

Impact

Exploitation of this vulnerability allows for the execution of malicious JavaScript on the client side, impacting anyone who views the affected quote.

Reproduction

To reproduce this vulnerability, switch to quotes mode in Monkeytype and click on the search icon. Then, select 'Submit a quote' and enter a payload, such as a script tag, into the 'text' or 'source' input boxes. After submitting the quote, the payload will execute when the quote is viewed.

Remediation

Users can update to Monkeytype version 25.49.0 or later to address this vulnerability.
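The root cause described above, as an added example that is not Monkeytype's own code: a quote approval modal that interpolates the submitted 'text' and 'source' fields straight into markup, beside the hardened rendering that escapes them or assigns them through the DOM. The function names, the quote object shape and the sample submission are assumptions.

```javascript
// Added example (not Monkeytype's code): vulnerable vs hardened quote rendering.

// Constructed sample submission carrying markup in both user-controlled fields.
const SAMPLE_QUOTE = {
  text: "Practice makes perfect <script>probe()</script>",
  source: 'Unknown" onmouseover="probe()',
};

// Neutralise the five characters that let plain text become HTML or break
// out of an attribute value.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Vulnerable pattern (the behaviour the advisory describes): user input is
// interpolated straight into an HTML string that later lands in innerHTML.
function renderQuoteUnsafe(quote) {
  return `<div class="quote" data-source="${quote.source}"><p>${quote.text}</p></div>`;
}

// Hardened pattern: every user-controlled value is escaped before it is
// placed inside element content or an attribute value.
function renderQuoteSafe(quote) {
  return `<div class="quote" data-source="${escapeHtml(quote.source)}"><p>${escapeHtml(quote.text)}</p></div>`;
}

// Preferred fix in browser code: build nodes and assign textContent, so the
// user input is never parsed as HTML at all. `doc` is a Document, injected
// so the function can be exercised outside a browser.
function renderQuoteIntoDom(doc, quote) {
  const div = doc.createElement("div");
  div.className = "quote";
  div.dataset.source = quote.source;      // attribute set via DOM, never parsed
  const p = doc.createElement("p");
  p.textContent = quote.text;             // literal text, never markup
  div.appendChild(p);
  return div;
}

// Regression check for a test suite: a user value containing markup
// characters must not survive verbatim in the rendered fragment.
function hasRawMarkup(html, userValue) {
  return html.includes(userValue) && /[<>"']/.test(userValue);
}
```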

Added: Dec 4, 2025, 11:18 PM
Updated: Dec 4, 2025, 11:18 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 1.7
exploitability: 6.0
remediation: 7.7
relevance: 1.3
threat: 6.4
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.