MEDIUM🇬🇧 English

CVE-2025-56200

CVSS 6.1v3.1pub. 2025-09-30upd. 2026-07-05

A URL validation bypass vulnerability exists in validator.js through version 13.15.15. The isURL() function uses '://' as a delimiter to parse protocols, while browsers use ':' as the delimiter. This parsing difference allows attackers to bypass protocol and domain validation by crafting URLs leading to XSS and Open Redirect attacks.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
  • Validator Project Validator

    APP
    Validator Project
    ≤ 3.15.15
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
XSS
CWE
Referencje

Powiązane podatności

CVE-2025-12758HIGH7.7ten sam produkt

Versions of the package validator before 13.15.22 are vulnerable to Incomplete Filtering of One or More Instan...

CVE-2021-3765HIGH7.5ten sam produkt

validator.js is vulnerable to Inefficient Regular Expression Complexity