Plexus anblick Digital Signage Management 3.1.13 Open Redirect

Plexus anblick Digital Signage Management version 3.1.13 suffers from an open redirection vulnerability.

MD5 | 782ad6d29c9e25bea8d7de007fc6f4dd

Plexus anblick Digital Signage Management 3.1.13 (pagina param) Open Redirect

Vendor: Plexus
Product web page:
Affected version: 3.1.13

Summary: Advanced multiplatform digital signage solution. Reproduction of
multimedia content in a visual and impressive way. Adaptable to any use and
to various types of screen or display.

Desc: Input passed via the 'pagina' GET parameter in 'PantallaLogin' script
is not properly verified before being used to redirect users. This can be
exploited to redirect a user to an arbitrary website e.g. when a user clicks
a specially crafted link to the affected script hosted on a trusted domain.

Tested on: Apache Tomcat/6.0.20

Vulnerability discovered by Gjoko 'LiquidWorm' Krstic

Advisory ID: ZSL-2020-5573
Advisory URL:




Related Posts