WS-2019-0136 | Mend Vulnerability Database

Vulnerability DatabaseWS-2019-0136

WS-2019-0136

Published:May 14, 2026

Updated:May 14, 2026

All versions of Jquery mobile have an open redirect that leads to cross-site scripting when the endpoint reflects user input.

Affected Packages

jquery-mobile (CDN_JS):

Affected version(s) >=1.4.3 <=1.5.0-alpha.1

Fix Suggestion:

Update to version no_fix

jquery-mobile (NPM):

Affected version(s) >=1.4.2-pre <=1.5.0-alpha.1

Fix Suggestion:

Update to version no_fix

jqwidgets_framework (NUGET):

Affected version(s) >=4.5.0 <6.0.6

Fix Suggestion:

Update to version 6.0.6

bmc.net (NUGET):

Affected version(s) =1.0.2 <1.0.3

Fix Suggestion:

Update to version 1.0.3

lbi.etihad.web (NUGET):

Affected version(s) =0.2.0

Fix Suggestion:

Update to version no_fix

jquery.mobile (NUGET):

Affected version(s) >=0.4.1 <=1.4.5

Fix Suggestion:

Update to version no_fix

jqwidgets_framework (NUGET):

Affected version(s) >=6.1.0 <8.0.0

Fix Suggestion:

Update to version 8.0.0

yvpackage (NUGET):

Affected version(s) =1.0.0

Fix Suggestion:

Update to version no_fix

cmsapp (NUGET):

Affected version(s) =8.0.21.32

Fix Suggestion:

Update to version no_fix

lx/jquery-bundle (PHP):

Affected version(s) =dev-master

Fix Suggestion:

Update to version no_fix

mikespub/rvolz-bicbucstriim (PHP):

Affected version(s) >=v1.1.0 <v1.2.5

Fix Suggestion:

Update to version v1.2.5

dolibarr/dolibarr (PHP):

Affected version(s) >=3.6.x-dev <3.7.beta1_20141116

Fix Suggestion:

Update to version 3.7.beta1_20141116

kitware/cdash (PHP):

Affected version(s) =dev-tango_deploy <dev-timeline_preserve_filters

Fix Suggestion:

Update to version dev-timeline_preserve_filters

phraseanet/phraseanet (PHP):

Affected version(s) >=3.8.0 <3.8.3

Fix Suggestion:

Update to version 3.8.3

p2made/yii2-p2y2-things (PHP):

Affected version(s) =1.0.0 <v1.0.0

Fix Suggestion:

Update to version v1.0.0

heimrichhannot/contao-blocks (PHP):

Affected version(s) >=1.0.2 <1.5.7

Fix Suggestion:

Update to version 1.5.7

syscover/pulsar (PHP):

Affected version(s) =dev-master <1.0

Fix Suggestion:

Update to version 1.0

dolibarr/dolibarr (PHP):

Affected version(s) >=3.7.x-dev <3.8.beta1_20150712

Fix Suggestion:

Update to version 3.8.beta1_20150712

logue/pukiwiki_adv (PHP):

Affected version(s) =2.0.x-dev <2.0.1

Fix Suggestion:

Update to version 2.0.1

bmatzner/jquery-mobile-bundle (PHP):

Affected version(s) >=1.3.0 <=1.4.5

Fix Suggestion:

Update to version no_fix

heimrichhannot/contao-blocks (PHP):

Affected version(s) >=1.8.3 <1.9.0

Fix Suggestion:

Update to version 1.9.0

bmatzner/jquery-mobile-bundle (PHP):

Affected version(s) =dev-master <1.3.0-beta1

Fix Suggestion:

Update to version 1.3.0-beta1

tangniyuqi/yii2-zui (PHP):

Affected version(s) =1.3.0

Fix Suggestion:

Update to version no_fix

kitware/cdash (PHP):

Affected version(s) =v2.4.0 <v2.4.0-prebuilt

Fix Suggestion:

Update to version v2.4.0-prebuilt

papajoker/jquerymobile (PHP):

Affected version(s) =dev-master

Fix Suggestion:

Update to version no_fix

heimrichhannot/contao-blocks (PHP):

Affected version(s) >=dev-master <1.0.1

Fix Suggestion:

Update to version 1.0.1

phraseanet/phraseanet (PHP):

Affected version(s) >=v3.8.3 <4.0.0-alpha.2

Fix Suggestion:

Update to version 4.0.0-alpha.2

syscover/pulsar (PHP):

Affected version(s) >=v2.0.20 <=2.0.22

Fix Suggestion:

Update to version no_fix

ec-cube2/ec-cube2 (PHP):

Affected version(s) >=2.12.4 <2.13.x-dev

Fix Suggestion:

Update to version 2.13.x-dev

dolibarr/dolibarr (PHP):

Affected version(s) >=4.0.1 <6.0.0-beta

Fix Suggestion:

Update to version 6.0.0-beta

vuea/viptv (PHP):

Affected version(s) >=dev-master <=5.1.x-dev

Fix Suggestion:

Update to version no_fix

mikespub/rvolz-bicbucstriim (PHP):

Affected version(s) =v1.0.0 <v1.x-dev

Fix Suggestion:

Update to version v1.x-dev

kitware/cdash (PHP):

Affected version(s) =dev-redo-testing-infrastructure <dev-release

Fix Suggestion:

Update to version dev-release

dolibarr/dolibarr (PHP):

Affected version(s) >=3.6.0-beta <3.6.beta1_20140514

Fix Suggestion:

Update to version 3.6.beta1_20140514

ristorantino/aditions (PHP):

Affected version(s) =dev-master-ko-js-update

Fix Suggestion:

Update to version no_fix

hafsoft/jquery-mobile-bundle (PHP):

Affected version(s) =dev-master <v1.3.2

Fix Suggestion:

Update to version v1.3.2

ristorantino/plugins (PHP):

Affected version(s) =dev-adicion-ko-jq-update <dev-master

Fix Suggestion:

Update to version dev-master

kitware/cdash (PHP):

Affected version(s) =dev-logging <dev-master

Fix Suggestion:

Update to version dev-master

ec-cube/ec-cube (PHP):

Affected version(s) >=3.0.0-beta0 <3.0.0-beta4

Fix Suggestion:

Update to version 3.0.0-beta4

xunuofeng/ordermeal (PHP):

Affected version(s) =dev-master

Fix Suggestion:

Update to version no_fix

monstergfx/pi-music (PHP):

Affected version(s) >=dev-develop <0.0.1-alpha

Fix Suggestion:

Update to version 0.0.1-alpha

xj/yii2-jquery-mobile-widget (PHP):

Affected version(s) >=dev-master <=1.0.0

Fix Suggestion:

Update to version no_fix

ec-cube2/ec-cube2 (PHP):

Affected version(s) >=2.13.0.x-dev <=2.17.1.x-dev

Fix Suggestion:

Update to version no_fix

maniaplanet/dedicated-manager (PHP):

Affected version(s) >=dev-master <=2.1

Fix Suggestion:

Update to version no_fix

tangniyuqi/yii2-zui (PHP):

Affected version(s) >=dev-master <1.2.0

Fix Suggestion:

Update to version 1.2.0

oakcms/oakcms (PHP):

Affected version(s) >=dev-master <=v0.0.1-beta.0.1

Fix Suggestion:

Update to version no_fix

syscover/pulsar (PHP):

Affected version(s) =v2.0.18 <v2.0.19

Fix Suggestion:

Update to version v2.0.19

ovidentia/jquery (PHP):

Affected version(s) >=1.11.1.2 <1.12.4.1

Fix Suggestion:

Update to version 1.12.4.1

gromver/yii2-widgets (PHP):

Affected version(s) >=dev-master <=1.0.0.x-dev

Fix Suggestion:

Update to version no_fix

sartajphp/sartajphp (PHP):

Affected version(s) =v4.4.5 <v4.4.6

Fix Suggestion:

Update to version v4.4.6

heimrichhannot/contao-blocks (PHP):

Affected version(s) =1.9.3 <1.9.4

Fix Suggestion:

Update to version 1.9.4

dolibarr/dolibarr (PHP):

Affected version(s) >=3.8.x-dev <dev-scrutinizer-patch-4

Fix Suggestion:

Update to version dev-scrutinizer-patch-4

papajoker/commando (PHP):

Affected version(s) =dev-master

Fix Suggestion:

Update to version no_fix

Related Resources (2)

https://github.com/jquery/jquery-mobile/commit/b0d9cc758a48f13321750d7409fb7655dcdf2b50

https://github.com/jquery/jquery-mobile/issues/8640

Do you need more information?

CVSS v4

Base Score:

7.1

Attack Vector

NETWORK

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

PASSIVE

Vulnerable System Confidentiality

HIGH

Vulnerable System Integrity

NONE

Vulnerable System Availability

NONE

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE