Plexus anblick Digital Signage Management 3.1.13 (pagina param) Open Redirect  
Vendor: Plexus  
Product web page:  
Affected version: 3.1.13  
Summary: Advanced multiplatform digital signage solution. Reproduction of  
multimedia content in a visual and impressive way. Adaptable to any use and  
to various types of screen or display.  
Desc: Input passed via the 'pagina' GET parameter in 'PantallaLogin' script  
is not properly verified before being used to redirect users. This can be  
exploited to redirect a user to an arbitrary website e.g. when a user clicks  
a specially crafted link to the affected script hosted on a trusted domain.  
Tested on: Apache Tomcat/6.0.20  
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic  
Advisory ID: ZSL-2020-5573  
Advisory URL: