WS-2019-0136 | Mend Vulnerability Database

Vulnerability DatabaseWS-2019-0136

WS-2019-0136

Published:May 19, 2026

Updated:May 19, 2026

All versions of Jquery mobile have an open redirect that leads to cross-site scripting when the endpoint reflects user input.

Affected Packages

jquery-mobile (CDN_JS):

Affected version(s) >=1.4.3 <=1.5.0-alpha.1

Fix Suggestion:

Update to version no_fix

jquery-mobile (NPM):

Affected version(s) >=1.4.2-pre <=1.5.0-alpha.1

Fix Suggestion:

Update to version no_fix

jqwidgets_framework (NUGET):

Affected version(s) >=4.5.0 <6.0.6

Fix Suggestion:

Update to version 6.0.6

yvpackage (NUGET):

Affected version(s) =1.0.0

Fix Suggestion:

Update to version no_fix

bmc.net (NUGET):

Affected version(s) =1.0.2 <1.0.3

Fix Suggestion:

Update to version 1.0.3

jquery.mobile (NUGET):

Affected version(s) >=0.4.1 <=1.4.5

Fix Suggestion:

Update to version no_fix

jqwidgets_framework (NUGET):

Affected version(s) >=6.1.0 <8.0.0

Fix Suggestion:

Update to version 8.0.0

cmsapp (NUGET):

Affected version(s) =8.0.21.32

Fix Suggestion:

Update to version no_fix

lbi.etihad.web (NUGET):

Affected version(s) =0.2.0

Fix Suggestion:

Update to version no_fix

gromver/yii2-widgets (PHP):

Affected version(s) >=dev-master <=1.0.0.x-dev

Fix Suggestion:

Update to version no_fix

ovidentia/jquery (PHP):

Affected version(s) >=1.11.1.2 <1.12.4.1

Fix Suggestion:

Update to version 1.12.4.1

ristorantino/aditions (PHP):

Affected version(s) =dev-master-ko-js-update

Fix Suggestion:

Update to version no_fix

dolibarr/dolibarr (PHP):

Affected version(s) >=3.7.x-dev <3.8.beta1_20150712

Fix Suggestion:

Update to version 3.8.beta1_20150712

sartajphp/sartajphp (PHP):

Affected version(s) =v4.4.5 <v4.4.6

Fix Suggestion:

Update to version v4.4.6

vuea/viptv (PHP):

Affected version(s) >=dev-master <=5.1.x-dev

Fix Suggestion:

Update to version no_fix

mikespub/rvolz-bicbucstriim (PHP):

Affected version(s) =v1.0.0 <v1.x-dev

Fix Suggestion:

Update to version v1.x-dev

kitware/cdash (PHP):

Affected version(s) =v2.4.0 <v2.4.0-prebuilt

Fix Suggestion:

Update to version v2.4.0-prebuilt

bmatzner/jquery-mobile-bundle (PHP):

Affected version(s) =dev-master <1.3.0-beta1

Fix Suggestion:

Update to version 1.3.0-beta1

phraseanet/phraseanet (PHP):

Affected version(s) >=3.8.0 <3.8.3

Fix Suggestion:

Update to version 3.8.3

ec-cube2/ec-cube2 (PHP):

Affected version(s) >=2.12.4 <2.13.x-dev

Fix Suggestion:

Update to version 2.13.x-dev

p2made/yii2-p2y2-things (PHP):

Affected version(s) =1.0.0 <v1.0.0

Fix Suggestion:

Update to version v1.0.0

papajoker/commando (PHP):

Affected version(s) =dev-master

Fix Suggestion:

Update to version no_fix

kitware/cdash (PHP):

Affected version(s) =dev-logging <dev-master

Fix Suggestion:

Update to version dev-master

oakcms/oakcms (PHP):

Affected version(s) >=dev-master <=v0.0.1-beta.0.1

Fix Suggestion:

Update to version no_fix

lx/jquery-bundle (PHP):

Affected version(s) =dev-master

Fix Suggestion:

Update to version no_fix

tangniyuqi/yii2-zui (PHP):

Affected version(s) =1.3.0

Fix Suggestion:

Update to version no_fix

ec-cube/ec-cube (PHP):

Affected version(s) >=3.0.0-beta0 <3.0.0-beta4

Fix Suggestion:

Update to version 3.0.0-beta4

kitware/cdash (PHP):

Affected version(s) =dev-tango_deploy <dev-timeline_preserve_filters

Fix Suggestion:

Update to version dev-timeline_preserve_filters

syscover/pulsar (PHP):

Affected version(s) >=v2.0.20 <=2.0.22

Fix Suggestion:

Update to version no_fix

kitware/cdash (PHP):

Affected version(s) =dev-redo-testing-infrastructure <dev-release

Fix Suggestion:

Update to version dev-release

heimrichhannot/contao-blocks (PHP):

Affected version(s) =1.9.3 <1.9.4

Fix Suggestion:

Update to version 1.9.4

ec-cube2/ec-cube2 (PHP):

Affected version(s) >=2.13.0.x-dev <=2.17.1.x-dev

Fix Suggestion:

Update to version no_fix

syscover/pulsar (PHP):

Affected version(s) =v2.0.18 <v2.0.19

Fix Suggestion:

Update to version v2.0.19

logue/pukiwiki_adv (PHP):

Affected version(s) =2.0.x-dev <2.0.1

Fix Suggestion:

Update to version 2.0.1

dolibarr/dolibarr (PHP):

Affected version(s) >=3.8.x-dev <dev-scrutinizer-patch-4

Fix Suggestion:

Update to version dev-scrutinizer-patch-4

papajoker/jquerymobile (PHP):

Affected version(s) =dev-master

Fix Suggestion:

Update to version no_fix

heimrichhannot/contao-blocks (PHP):

Affected version(s) >=dev-master <1.0.1

Fix Suggestion:

Update to version 1.0.1

bmatzner/jquery-mobile-bundle (PHP):

Affected version(s) >=1.3.0 <=1.4.5

Fix Suggestion:

Update to version no_fix

ristorantino/plugins (PHP):

Affected version(s) =dev-adicion-ko-jq-update <dev-master

Fix Suggestion:

Update to version dev-master

tangniyuqi/yii2-zui (PHP):

Affected version(s) >=dev-master <1.2.0

Fix Suggestion:

Update to version 1.2.0

maniaplanet/dedicated-manager (PHP):

Affected version(s) >=dev-master <=2.1

Fix Suggestion:

Update to version no_fix

heimrichhannot/contao-blocks (PHP):

Affected version(s) >=1.0.2 <1.5.7

Fix Suggestion:

Update to version 1.5.7

heimrichhannot/contao-blocks (PHP):

Affected version(s) >=1.8.3 <1.9.0

Fix Suggestion:

Update to version 1.9.0

xunuofeng/ordermeal (PHP):

Affected version(s) =dev-master

Fix Suggestion:

Update to version no_fix

hafsoft/jquery-mobile-bundle (PHP):

Affected version(s) =dev-master <v1.3.2

Fix Suggestion:

Update to version v1.3.2

monstergfx/pi-music (PHP):

Affected version(s) >=dev-develop <0.0.1-alpha

Fix Suggestion:

Update to version 0.0.1-alpha

syscover/pulsar (PHP):

Affected version(s) =dev-master <1.0

Fix Suggestion:

Update to version 1.0

xj/yii2-jquery-mobile-widget (PHP):

Affected version(s) >=dev-master <=1.0.0

Fix Suggestion:

Update to version no_fix

dolibarr/dolibarr (PHP):

Affected version(s) >=4.0.1 <6.0.0-beta

Fix Suggestion:

Update to version 6.0.0-beta

phraseanet/phraseanet (PHP):

Affected version(s) >=v3.8.3 <4.0.0-alpha.2

Fix Suggestion:

Update to version 4.0.0-alpha.2

dolibarr/dolibarr (PHP):

Affected version(s) >=3.6.x-dev <3.7.beta1_20141116

Fix Suggestion:

Update to version 3.7.beta1_20141116

mikespub/rvolz-bicbucstriim (PHP):

Affected version(s) >=v1.1.0 <v1.2.5

Fix Suggestion:

Update to version v1.2.5

dolibarr/dolibarr (PHP):

Affected version(s) >=3.6.0-beta <3.6.beta1_20140514

Fix Suggestion:

Update to version 3.6.beta1_20140514

Related Resources (2)

https://github.com/jquery/jquery-mobile/commit/b0d9cc758a48f13321750d7409fb7655dcdf2b50

https://github.com/jquery/jquery-mobile/issues/8640

Do you need more information?

CVSS v4

Base Score:

7.1

Attack Vector

NETWORK

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

PASSIVE

Vulnerable System Confidentiality

HIGH

Vulnerable System Integrity

NONE

Vulnerable System Availability

NONE

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE