Vulnerability Database
299,184
Total vulnerabilities in the database
CVE-2025-56200
A URL validation bypass vulnerability exists in validator.js through version 13.15.15. The isURL() function uses '://' as a delimiter to parse protocols, while browsers use ':' as the delimiter. This parsing difference allows attackers to bypass protocol and domain validation by crafting URLs leading to XSS and Open Redirect attacks.
| Software | From | Fixed in |
|---|---|---|
validator
|
- | 13.15.20 |
- http://validatorjs.com
- https://gist.github.com/junan-98/27ae092aa40e2a057d41a0f95148f666
- https://gist.github.com/junan-98/a93130505b258b9e4ec9f393e7533596
- https://github.com/validatorjs/validator.js/commit/cbef5088f02d36caf978f378bb845fe49bdc0809
- https://github.com/validatorjs/validator.js/issues/2600
- https://github.com/validatorjs/validator.js/pull/2608
- https://github.com/validatorjs/validator.js/releases/tag/13.15.20
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime