CVE-2021-22873

CVE-2021-22873

Vendor N/A
Product https://github.com/revive-adserver/revive-adserver
Weakness CWE-601 · Open redirect
Published January 21, 2021
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

Revive Adserver before 5.1.0 is vulnerable to open redirects via the `dest`, `oadest`, and/or `ct0` parameters of the lg.php and ck.php delivery scripts. Such open redirects had previously been available by design to allow third party ad servers to track such metrics when delivering ads. However, third party click tracking via redirects is not a viable option anymore, leading to such open redirect functionality being removed and reclassified as a vulnerability.

Key dates

02Disclosure timeline

January 21, 2021 CVE published
August 3, 2024 Record updated