XSS Filter Bypass via Encoded URL in validator

Severity:: Medium

Description

Versions of validator prior to 2.0.0 contained an xss filter method that is affected by several filter bypasses. This may result in a cross-site scripting vulnerability.

Recommendation

Update the validator package to the latest compatible version. Followings are version details:

Affected version(s): < 2.0.0
Patched version(s): 2.0.0

References

GHSA-79mx-88w7-8f7q
www.npmjs.com
www.openwall.com
www.securityfocus.com
CVE-2014-9772
CWE-79
CAPEC-310
OWASP 2021-A3
OWASP 2021-A6

Related Issues

counterpart vulnerable to prototype pollution - CVE-2025-57354
Parse Server has an OAuth login vulnerability - CVE-2025-30168
Use of Insufficiently Random Values in undici - CVE-2025-22150
SummerNote Cross Site Scripting Vulnerability - CVE-2024-37629

Tags:: npm; validator

Anything's wrong? Let us know Last updated on January 09, 2023