Unknown · validator.js · CVE-2025-56200
**Name of the Vulnerable Software and Affected Versions**
validator.js versions through 13.15.15
**Description**
A flaw exists in the URL validation process within validator.js. The `isURL()` function uses `://` as the delimiter when it identifies the protocol during parsing, whereas web browsers use `:`. Because of this discrepancy, a string can be parsed one way by `isURL()` and another way by the browser, which lets attackers circumvent protocol and domain validation checks, potentially leading to Cross-Site Scripting (XSS) and Open Redirect attacks. The vulnerable component is the `isURL()` function.
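The delimiter discrepancy described above, shown as an added example that is not validator.js code and not part of the original advisory: it compares a simplified model of `://`-based scheme detection with the WHATWG URL parser that browsers and Node's global `URL` implement, then applies an allow-list to the parsed result. The function names, the allowed protocols, the host `app.example.com` and the sample inputs are assumptions constructed for illustration.

```javascript
// Added example: compare '://'-based scheme detection with the WHATWG URL
// parser that browsers (and Node's global URL) implement.

// Assumptions: application policy and host name are constructed for this example.
const ALLOWED_PROTOCOLS = new Set(['http:', 'https:']);
const ALLOWED_HOSTS = new Set(['app.example.com']);

// Simplified model of '://'-based detection (not validator.js source):
// whatever precedes the first '://' is taken as the scheme.
function schemeBySlashes(input) {
  const i = input.indexOf('://');
  return i > 0 ? input.slice(0, i).toLowerCase() + ':' : null;
}

// Scheme as the browser derives it: the text up to the first ':'.
function schemeByBrowser(input) {
  try { return new URL(input).protocol; } catch { return null; }
}

// True when the two views disagree, which marks a stored value for review.
function hasSchemeMismatch(input) {
  return schemeBySlashes(input) !== schemeByBrowser(input);
}

// Hardened check: parse once with the browser's parser, then allow-list
// the parsed scheme and host. Returns the normalized URL or null.
function safeUrl(input) {
  let u;
  try { u = new URL(input); } catch { return null; }
  if (!ALLOWED_PROTOCOLS.has(u.protocol)) return null;
  if (!ALLOWED_HOSTS.has(u.hostname)) return null;
  return u.href;
}

// Constructed sample inputs, e.g. values read back from a profile "website" field.
const SAMPLES = [
  'https://app.example.com/docs',
  'HTTPS://APP.EXAMPLE.COM/docs',
  'app.example.com/docs',
  'https://other.example/docs',
  'javascript:void(0)',
  'mailto:ops@app.example.com?subject=see://notes',
];

for (const s of SAMPLES) {
  console.log(JSON.stringify({ input: s, mismatch: hasSchemeMismatch(s), safe: safeUrl(s) }));
}
```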
**Recommendations**
Update to a version of validator.js newer than 13.15.15.