CVE-2020-36912 | THREATINT

Description

Plexus anblick Digital Signage Management 3.1.13 contains an open redirect vulnerability in the 'PantallaLogin' script that allows attackers to manipulate the 'pagina' GET parameter. Attackers can craft malicious links that redirect users to arbitrary websites by exploiting improper input validation in the parameter.

PUBLISHED Reserved 2026-01-03 | Published 2026-01-06 | Updated 2026-01-06 | Assigner VulnCheck

MEDIUM: 5.1CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N

CRITICAL: 9.8CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem types

URL Redirection to Untrusted Site ('Open Redirect')

Product status

3.1.13

affected

Credits

LiquidWorm as Gjoko Krstic of Zero Science Lab finder

References

www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5573.php (Zero Science Lab Disclosure (ZSL-2020-5573)) third-party-advisory

packetstormsecurity.com/files/158473 (Packet Storm Security Exploit Entry) exploit

exchange.xforce.ibmcloud.com/vulnerabilities/185521 (IBM X-Force Vulnerability Exchange Entry) vdb-entry

www.plexus.es/ (Plexus Vendor Homepage) product

www.vulncheck.com/...ment-open-redirect-via-pagina-parameter (VulnCheck Advisory: Plexus anblick Digital Signage Management 3.1.13 Open Redirect via Pagina Parameter) third-party-advisory

cve.org (CVE-2020-36912)

nvd.nist.gov (CVE-2020-36912)

Download JSON