Lucene search
K

Revive Adserver <5.1.0 - Open Redirect

🗓️ 03 Jul 2026 13:39:16Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 71 Views

Revive Adserver <5.1.0 - Open Redirect vulnerability via dest, oadest, and ct0 parameters of lg.php and ck.php scripts. Allows redirecting to malicious sites and phishing attacks

Related
Refs
Code
ReporterTitlePublishedViews
Family
GithubExploit
Exploit for Open Redirect in Revive-Adserver Revive_Adserver
22 Jul 202321:49
githubexploit
Circl
CVE-2021-22873
27 Apr 202309:58
circl
CNNVD
Revive Adserver 输入验证错误漏洞
24 Jan 202100:00
cnnvd
CNVD
Revive Adserver Input Validation Error Vulnerability (CNVD-2021-23389)
1 Feb 202100:00
cnvd
CVE
CVE-2021-22873
21 Jan 202119:14
cve
Cvelist
CVE-2021-22873
21 Jan 202119:14
cvelist
Hacker One
Revive Adserver: Open redirect in ck.php and lg.php
19 Jan 202112:51
hackerone
NVD
CVE-2021-22873
26 Jan 202118:16
nvd
Packet Storm
Revive Adserver 5.0.5 Cross Site Scripting / Open Redirect
24 Jan 202100:00
packetstorm
Prion
Open redirect
26 Jan 202118:16
prion
Rows per page
id: CVE-2021-22873

info:
  name: Revive Adserver <5.1.0 - Open Redirect
  author: pudsec
  severity: medium
  description: Revive Adserver before 5.1.0 contains an open redirect vulnerability via the dest, oadest, and ct0 parameters of the lg.php and ck.php delivery scripts. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to redirect users to malicious websites, leading to phishing attacks or the execution of further attacks.
  remediation: |
    Upgrade Revive Adserver to version 5.1.0 or later to mitigate this vulnerability.
  reference:
    - https://hackerone.com/reports/1081406
    - https://github.com/revive-adserver/revive-adserver/issues/1068
    - http://seclists.org/fulldisclosure/2021/Jan/60
    - https://nvd.nist.gov/vuln/detail/CVE-2021-22873
    - http://packetstormsecurity.com/files/161070/Revive-Adserver-5.0.5-Cross-Site-Scripting-Open-Redirect.html
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2021-22873
    cwe-id: CWE-601
    epss-score: 0.66141
    epss-percentile: 0.99182
    cpe: cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 6
    vendor: revive-adserver
    product: revive_adserver
    shodan-query:
      - http.favicon.hash:106844876
      - http.title:"revive adserver"
    fofa-query:
      - icon_hash=106844876
      - title="revive adserver"
    google-query: intitle:"revive adserver"
  tags: cve2021,cve,hackerone,seclists,packetstorm,redirect,revive,revive-adserver,vkev,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/ads/www/delivery/lg.php?dest=http://interact.sh"
      - "{{BaseURL}}/adserve/www/delivery/lg.php?dest=http://interact.sh"
      - "{{BaseURL}}/adserver/www/delivery/lg.php?dest=http://interact.sh"
      - "{{BaseURL}}/openx/www/delivery/lg.php?dest=http://interact.sh"
      - "{{BaseURL}}/revive/www/delivery/lg.php?dest=http://interact.sh"
      - "{{BaseURL}}/www/delivery/lg.php?dest=http://interact.sh"

    stop-at-first-match: true
    host-redirects: true
    max-redirects: 2
    matchers:
      - type: regex
        part: header
        regex:
          - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)(?:[a-zA-Z0-9\-_\.@]*)interact\.sh\/?(\/|[^.].*)?$' # https://regex101.com/r/L403F0/1
# digest: 4b0a004830460221009e8ff3e7e58e0deeefe0b062a232ea0b9d335399c077cb7ef81027becac1b2e4022100a51fc6d2899600b013101482964b2ad5712b11ec4a897dce0d854122f9d890e8:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
6.3Medium risk
Vulners AI Score6.3
CVSS 25.8
CVSS 3.16.1
EPSS0.66141
71