WS-2019-0136

Good to know:

Date: June 13, 2019

All versions of jQuery Mobile have an open redirect that leads to cross-site scripting when the endpoint reflects user input.

Language: JS

Severity Score

Weakness Type (CWE)

URL Redirection to Untrusted Site ('Open Redirect')

CWE-601

Top Fix

Upgrade Version

Upgrade to version:
bmatzner/jquery-mobile-bundle - 1.3.0-beta1
bmatzner/jquery-mobile-bundle - no_fix
dolibarr/dolibarr - 6.0.0-beta
dolibarr/dolibarr - dev-scrutinizer-patch-4
dolibarr/dolibarr - 3.7.beta1_20141116
dolibarr/dolibarr - 3.8.beta1_20150712
dolibarr/dolibarr - 3.6.beta1_20140514
papajoker/jquerymobile - no_fix
syscover/pulsar - no_fix
syscover/pulsar - v2.0.19
syscover/pulsar - 1.0
syscover/pulsar - v2.0.17
sartajphp/sartajphp - v4.4.6
gromver/yii2-widgets - no_fix
vuea/viptv - no_fix
p2made/yii2-p2y2-things - v1.0.0
heimrichhannot/contao-blocks - no_fix
heimrichhannot/contao-blocks - 1.9.4
heimrichhannot/contao-blocks - 1.0.1
heimrichhannot/contao-blocks - 1.5.7
heimrichhannot/contao-blocks - 1.9.0
jQWidgets_Framework - 8.0.0
jQWidgets_Framework - 6.0.6
CMSApp - no_fix
ristorantino/aditions - no_fix
kitware/cdash - dev-release
kitware/cdash - dev-timeline_preserve_filters
kitware/cdash - v2.4.0-prebuilt
kitware/cdash - dev-master
ec-cube/ec-cube - 3.0.0-beta4
ovidentia/jquery - 1.12.4.1
mikespub/rvolz-bicbucstriim - v1.2.5
mikespub/rvolz-bicbucstriim - v1.x-dev
tangniyuqi/yii2-zui - 1.2.0
tangniyuqi/yii2-zui - no_fix
xj/yii2-jquery-mobile-widget - no_fix
papajoker/commando - no_fix
LBi.Etihad.Web - no_fix
jquery.mobile - no_fix
maniaplanet/dedicated-manager - no_fix
oakcms/oakcms - no_fix
jquery-mobile - no_fix
ristorantino/plugins - dev-master
mediawiki/refreshed-skin - dev-REL1_23
logue/pukiwiki_adv - 2.0.1
lx/jquery-bundle - no_fix
BMC.NET - 1.0.3
monstergfx/pi-music - 0.0.1-alpha
YvPackage - no_fix
horde/core - no_fix
hafsoft/jquery-mobile-bundle - v1.3.2
ec-cube2/ec-cube2 - no_fix
ec-cube2/ec-cube2 - 2.13.x-dev
phraseanet/phraseanet - 4.0.0-alpha.2
phraseanet/phraseanet - 3.8.3
xunuofeng/ordermeal - no_fix
org.webjars.bower:jquery-mobile:no_fix
org.webjars:apigee-javascript-sdk:no_fix
org.webjars.npm:alpaca:no_fix
org.webjars:jquery-mobile:1.4.3
org.webjars:jquery-mobile:1.3.0-1
org.webjars.npm:github-com-gitana-alpaca:no_fix
org.webjars.npm:github-com-jquery-jquery-mobile:no_fix
org.webjars.npm:jquery-mobile:no_fix

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): NONE