PT-2025-49173 · Unknown · Monkeytype

Leonabcd123 · Published 2025-12-04 · Updated 2025-12-05 · CVE-2025-66563

CVSS v4.0: 7.1 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: Monkeytype versions prior to 25.49.0
Description: The software does not properly handle user input, which potentially allows an attacker to run malicious JavaScript in the browsers of users who view a malicious quote submission. The quote.text and quote.source fields are inserted directly into the Document Object Model (DOM) without sufficient sanitization, so HTML tags within these fields are rendered as markup rather than as text, which can lead to cross-site scripting (XSS).
Recommendations: Update to version 25.49.0 or later.
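The pattern behind this class of bug, shown as an added illustration rather than Monkeytype's own code: a quote object with `text` and `source` fields (the shape and the function names are assumed for the example) is turned into markup once by plain string interpolation, which is how submitted tags end up rendered, and once with every untrusted field escaped first. A small review-time check reports whether any tag taken from the input survived unescaped in the rendered output. The sample submission is constructed and uses a harmless `<b>` tag, which is enough to show markup being interpreted as markup. It runs under Node with no browser; the `textContent`-based helper is included only to show the DOM-native form of the fix.

```javascript
// Added illustration of the vulnerability class described in the advisory
// (untrusted quote.text / quote.source inserted into the DOM as HTML).
// It is NOT Monkeytype's code; the quote object shape and the function
// names are assumed for the example. Runs under Node, no browser needed.

// Constructed sample submission: a contributor wraps part of the text and
// source in HTML tags. A benign <b>/<i> is enough to show that markup
// reaches the page as markup rather than as literal text.
const submittedQuote = {
  text: 'The quick <b>brown</b> fox',
  source: 'Anonymous <i>(user submitted)</i>',
};

// Vulnerable rendering: the fields are interpolated straight into an HTML
// string that would later be assigned to element.innerHTML. Any tag in the
// input becomes part of the document.
function renderQuoteUnsafe(quote) {
  return `<div class="quote">${quote.text}<span class="source">${quote.source}</span></div>`;
}

// Minimal HTML escaping: the five characters that can open or close markup
// or break out of an attribute value. '&' is replaced first so the entities
// produced by the later replacements are not escaped a second time.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Hardened rendering: every untrusted field is escaped before it is joined
// with markup, so tags in the submission display as literal text.
function renderQuoteSafe(quote) {
  return `<div class="quote">${escapeHtml(quote.text)}<span class="source">${escapeHtml(quote.source)}</span></div>`;
}

// In a browser the preferred fix is to avoid HTML strings entirely and let
// the DOM treat the value as text via textContent. This helper shows that
// shape; it only works where `document` exists (not exercised under Node).
function appendQuoteWithTextContent(container, quote) {
  const div = document.createElement('div');
  div.className = 'quote';
  div.textContent = quote.text;
  const span = document.createElement('span');
  span.className = 'source';
  span.textContent = quote.source;
  div.appendChild(span);
  container.appendChild(div);
  return div;
}

// Review-time check: given the rendered markup and the original untrusted
// fields, report whether any tag from the input survived unescaped.
function containsRawTagFromInput(markup, quote) {
  const tagPattern = /<\/?[a-zA-Z][^>]*>/g;
  const inputTags = [quote.text, quote.source]
    .flatMap((v) => String(v).match(tagPattern) || []);
  return inputTags.some((tag) => markup.includes(tag));
}

if (typeof require !== 'undefined' && typeof module !== 'undefined' && require.main === module) {
  console.log('unsafe :', renderQuoteUnsafe(submittedQuote));
  console.log('safe   :', renderQuoteSafe(submittedQuote));
  console.log('unsafe leaks input tags?', containsRawTagFromInput(renderQuoteUnsafe(submittedQuote), submittedQuote));
  console.log('safe leaks input tags?  ', containsRawTagFromInput(renderQuoteSafe(submittedQuote), submittedQuote));
}
```

Escaping at the point of output (or using `textContent`) is the general fix for fields like these: it keeps the submitted text intact for the reader while guaranteeing the browser never parses it as HTML, regardless of what the submission contains.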

Exploit · Fix · XSS

Weakness Enumeration

Related Identifiers

CVE-2025-66563
GHSA-MFJH-9552-8G27

Affected Products

Monkeytype