PT-2025-40012 · Unknown · Validator.Js

Junan-98 · Published 2025-09-30 · Updated 2025-12-23 · CVE-2025-56200

CVSS v3.1: 6.1 Medium
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

validator.js versions through 13.15.15

Description

A flaw exists in the URL validation process within validator.js. The isURL() function utilizes '://' to identify protocols during parsing, differing from the ':' delimiter used by web browsers. This discrepancy enables attackers to circumvent protocol and domain validation checks, potentially leading to Cross-Site Scripting (XSS) and Open Redirect attacks. The vulnerable component is the isURL() function.

Recommendations

Update to a version of validator.js newer than 13.15.15.
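
The delimiter mismatch from the description, shown as an added example (not validator.js source code and not part of the original advisory): one function models a '://'-based scheme lookup, a second reads the scheme the way the WHATWG URL parser does, and `isAllowedHttpUrl` is a defensive check that takes both its scheme and host decisions from that parser. All function names and sample inputs are constructed for illustration.

```javascript
// Added example. Function names are hypothetical; this is a simplified model,
// not the code of validator.js.

// Scheme as a '://'-based lookup sees it: the text before the first '://',
// or null when the string contains no '://'.
function schemeByDoubleSlash(input) {
  const idx = input.indexOf('://');
  return idx === -1 ? null : input.slice(0, idx).toLowerCase();
}

// Scheme as the WHATWG URL parser (the algorithm browsers use) sees it:
// everything before the first ':'. Returns null if the string does not parse.
function schemeByUrlParser(input) {
  try {
    return new URL(input).protocol.slice(0, -1); // drop the trailing ':'
  } catch {
    return null;
  }
}

// True when the two views disagree, i.e. a validator and a browser would
// not be talking about the same scheme for this input.
function schemeViewsDiffer(input) {
  return schemeByDoubleSlash(input) !== schemeByUrlParser(input);
}

const ALLOWED_SCHEMES = new Set(['http', 'https']);

// Defensive check: parse once with the URL parser, then allowlist both the
// scheme and the exact hostname from that same parsed result.
function isAllowedHttpUrl(input, allowedHosts) {
  let url;
  try {
    url = new URL(input);
  } catch {
    return false; // relative or malformed input is rejected outright
  }
  if (!ALLOWED_SCHEMES.has(url.protocol.slice(0, -1))) return false;
  return allowedHosts.includes(url.hostname);
}

// Constructed sample inputs.
for (const s of ['https://example.com/docs', 'mailto:someone@example.com']) {
  console.log(s, schemeByDoubleSlash(s), schemeByUrlParser(s),
    isAllowedHttpUrl(s, ['example.com']));
}
```

Because the check and the eventual navigation both rely on the same parsing rules, there is no gap between what was validated and what the browser acts on.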

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2025-56200
GHSA-9965-VMPH-33XX

Affected Products

Validator.Js