Unrated severityNVD Advisory· Published Jan 21, 2021· Updated Aug 3, 2024
CVE-2021-22873
CVE-2021-22873
Description
Revive Adserver before 5.1.0 is vulnerable to open redirects via the dest, oadest, and/or ct0 parameters of the lg.php and ck.php delivery scripts. Such open redirects had previously been available by design to allow third party ad servers to track such metrics when delivering ads. However, third party click tracking via redirects is not a viable option anymore, leading to such open redirect functionality being removed and reclassified as a vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Revive Adserver/Revive Adserverdescription
- Range: <5.1.0
Patches
Vulnerability mechanics
References
5- packetstormsecurity.com/files/161070/Revive-Adserver-5.0.5-Cross-Site-Scripting-Open-Redirect.htmlmitrex_refsource_MISC
- seclists.org/fulldisclosure/2021/Jan/60mitremailing-listx_refsource_FULLDISC
- github.com/revive-adserver/revive-adserver/issues/1068mitrex_refsource_MISC
- hackerone.com/reports/1081406mitrex_refsource_MISC
- www.revive-adserver.com/security/revive-sa-2021-001/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.