CVE-2025-59430: Unvalidated Base64 Url

Base64 decoded data is parsed or used as a URL without protocol validation. Ensure the URL scheme is validated against 'http://' or 'https://' before using it to prevent Cross-Site Scripting (XSS).

Provally CuratedPublic repositoryHighMedium confidenceVerifiedApache-2.0javascript

greprules fetch cve-2025-59430-unvalidated-base64-url --engine opengrep

Description

Base64 decoded data is parsed or used as a URL without protocol validation. Ensure the URL scheme is validated against 'http://' or 'https://' before using it to prevent Cross-Site Scripting (XSS).

Detection target

Not provided

Recommended fix

Not provided

False-positive notes

Not provided

License: Apache-2.0
Source context: Public repository
Source: Provally CVE rule catalog
Validation status: Verified
Trust signals: 115 downloads
0 direct115 via packs
· 0 stars · Trust score 61How trust works
Included packs: 2 packs

Community feedback

Mark useful Report false positive Suggest metadata