CVE-2021-22873

Revive Adserver before 5.1.0 is vulnerable to open redirects via the `dest`, `oadest`, and/or `ct0` parameters of the lg.php and ck.php delivery scripts. Such open redirects had previously been available by design to allow third party ad servers to track such metrics when delivering ads. However, third party click tracking via redirects is not a viable option anymore, leading to such open redirect functionality being removed and reclassified as a vulnerability.
Configurations

Configuration 1 (hide)

cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2021-01-26 18:16

Updated : 2024-02-28 18:08


NVD link : CVE-2021-22873

Mitre link : CVE-2021-22873

CVE.ORG link : CVE-2021-22873


JSON object : View

Products Affected

revive-adserver

  • revive_adserver
CWE
CWE-601

URL Redirection to Untrusted Site ('Open Redirect')