Validator Project Validator vulnerabilities

9 known vulnerabilities affecting validator_project/validator.

Total CVEs: 9
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 3, MEDIUM 6

Vulnerabilities

CVE-2025-12758 | HIGH | CVSS 7.7 | fixed in 13.15.22 | 2025-11-27
CVE-2025-12758 [HIGH] CWE-792: Versions of the package validator before 13.15.22 are vulnerable to Incomplete Filtering of One or More Instances of Special Elements in the isLength() function, which does not take into account Unicode variation selectors (\uFE0F, \uFE0E) appearing in a sequence, which leads to improper string length calculation. This can lead to an application using isL
Sources: cvelistv5, ghsa, nvd, osv
CVE-2025-56200 | MEDIUM | CVSS 6.1 | ≤ 3.15.15 | 2025-09-30
CVE-2025-56200 [MEDIUM] CWE-79: A URL validation bypass vulnerability exists in validator.js through version 13.15.15. The isURL() function uses '://' as a delimiter to parse protocols, while browsers use ':' as the delimiter. This parsing difference allows attackers to bypass protocol and domain validation by crafting URLs leading to XSS and Open Redirect attacks.
Sources: ghsa, nvd, osv
CVE-2021-3765 | HIGH | CVSS 7.5 | fixed in 13.7.0 | 2021-11-02
CVE-2021-3765 [HIGH] CWE-1333: validator.js is vulnerable to Inefficient Regular Expression Complexity
Sources: ghsa, nvd, osv
CVE-2014-8882 | HIGH | ≥ 0, < 3.22.1 | 2020-08-31
CVE-2014-8882 [HIGH] CWE-400 Regular Expression Denial of Service in validator: Versions of `validator` prior to 3.22.1 are affected by a regular expression denial of service vulnerability in the `isURL` method. Recommendation: Update to version 3.22.1 or later.
Sources: ghsa, osv
CVE-2014-9772 | MEDIUM | ≥ 0, < 2.0.0 | 2018-11-06
CVE-2014-9772 [MEDIUM] CWE-79 XSS Filter Bypass via Encoded URL in validator: Versions of `validator` prior to 2.0.0 contained an xss filter method that is affected by several filter bypasses. This may result in a cross-site scripting vulnerability. Proof of Concept: The xss() function removes the word "javascript" when contained inside an attribute. However, it does not properly handle cases where characters have been hex-encoded. As a result
Sources: ghsa, osv
CVE-2013-7454 | MEDIUM | ≥ 0, < 1.1.0 | 2017-10-24
CVE-2013-7454 [MEDIUM] CWE-79 Multiple XSS Filter Bypasses in validator: Versions of `validator` prior to 1.1.0 are affected by several cross-site scripting vulnerabilities due to bypasses discovered in the blacklist-based filter. Proof of Concept: Various inputs that could bypass the filter were discovered: Improper parsing of nested tags: ``` This is a test ``` Incomplete filtering of javascript: URIs: ``` ">test ``` UI Redressing: ``` You h
Sources: ghsa, osv
CVE-2013-7453 | MEDIUM | ≥ 0, < 1.1.0 | 2017-10-24
CVE-2013-7453 [MEDIUM] CWE-79 Moderate severity vulnerability that affects validator: The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via vectors related to UI redressing.
Sources: ghsa, osv
CVE-2013-7451 | MEDIUM | ≥ 0, < 1.1.0 | 2017-10-24
CVE-2013-7451 [MEDIUM] CWE-79 Moderate severity vulnerability that affects validator: The validator module before 1.1.0 for Node.js allows remote attackers to bypass the XSS filter via a nested tag.
Sources: ghsa, osv
CVE-2013-7452 | MEDIUM | ≥ 0, < 1.1.0 | 2017-10-24
CVE-2013-7452 [MEDIUM] CWE-79 Moderate severity vulnerability that affects validator: The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via a crafted javascript URI.
Sources: ghsa, osv