CVE-2025-5096: Insecure Merge jQuery Data

Direct merging of DOM data attributes into configuration objects using APIs like `$.extend` or `Object.assign` without escaping can lead to Cross-Site Scripting (XSS) if the attributes are later rendered. Ensure that data properties are appropriately sanitized before merging.

Provally Curated | Public repository | Medium | Medium confidence | Verified | Apache-2.0 | JS
greprules fetch cve-2025-5096-insecure-merge-jquery-data --engine opengrep
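
The merge pattern described above, next to a hardened version, as an added example that is not part of the rule or its repository. Plain objects stand in for what `$(el).data()` or `el.dataset` returns so the code runs without a DOM; `DEFAULTS`, `SAMPLE_DATA`, `escapeHtml`, `mergeUnsafe`, `mergeSafe` and `render` are hypothetical names.

```javascript
// Added example (hypothetical widget): defaults the component declares.
const DEFAULTS = { title: 'Details', placement: 'top', delay: 0 };

// Constructed sample of attacker-influenced data-* attributes on an element.
const SAMPLE_DATA = {
  title: '<img src=x onerror=alert(1)>',
  placement: 'bottom',
  delay: '250',
  template: '<script>alert(2)</script>', // key the widget never declared
};

// Escape the five HTML-significant characters (text and quoted-attribute contexts).
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Risky pattern: every data-* value flows into the config untouched.
function mergeUnsafe(defaults, data) {
  return Object.assign({}, defaults, data);
}

// Hardened merge: accept only keys declared in defaults, coerce numbers,
// and escape strings before they enter the config.
function mergeSafe(defaults, data) {
  const config = Object.assign({}, defaults);
  for (const key of Object.keys(defaults)) {
    if (!Object.prototype.hasOwnProperty.call(data, key)) continue;
    if (typeof defaults[key] === 'number') {
      const n = Number(data[key]);
      if (Number.isFinite(n)) config[key] = n; // non-numeric input keeps the default
    } else {
      config[key] = escapeHtml(data[key]);
    }
  }
  return config;
}

// Sink: markup built by string concatenation, as passed to .html() or innerHTML.
function render(config) {
  return '<div class="tip tip-' + config.placement + '"><h3>' + config.title + '</h3></div>';
}
```

With `mergeUnsafe`, the `title` value reaches `render` as live markup and the undeclared `template` key rides along into the config; with `mergeSafe`, the title renders as text and `template` is dropped.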
