Vulnerabilities

CVE-2025-56200

by Fred · 30/09/2025

A URL validation bypass vulnerability exists in validator.js through version 13.15.15. The isURL() function uses ‘://’ as a delimiter to parse protocols, while browsers use ‘:’ as the delimiter. This parsing difference allows attackers to bypass protocol and domain validation by crafting URLs leading to XSS and Open Redirect attacks.

More information : http://validatorjs.com

Similar

Tags: Cybersecurity Alert