{"api_version":"1","generated_at":"2026-07-16T10:16:49+00:00","cve":"CVE-2021-22873","urls":{"html":"https://cve.report/CVE-2021-22873","api":"https://cve.report/api/cve/CVE-2021-22873.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-22873","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-22873"},"summary":{"title":"CVE-2021-22873","description":"Revive Adserver before 5.1.0 is vulnerable to open redirects via the `dest`, `oadest`, and/or `ct0` parameters of the lg.php and ck.php delivery scripts. Such open redirects had previously been available by design to allow third party ad servers to track such metrics when delivering ads. However, third party click tracking via redirects is not a viable option anymore, leading to such open redirect functionality being removed and reclassified as a vulnerability.","state":"PUBLIC","assigner":"support@hackerone.com","published_at":"2021-01-26 18:16:00","updated_at":"2021-02-02 15:09:00"},"problem_types":["CWE-601"],"metrics":[],"references":[{"url":"https://hackerone.com/reports/1081406","name":"https://hackerone.com/reports/1081406","refsource":"MISC","tags":["Exploit","Third Party Advisory"],"title":"HackerOne","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://github.com/revive-adserver/revive-adserver/issues/1068","name":"https://github.com/revive-adserver/revive-adserver/issues/1068","refsource":"MISC","tags":["Issue Tracking","Third Party Advisory"],"title":"open redirect (oadest url) ck.php revive 4.2.1 · Issue #1068 · revive-adserver/revive-adserver · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://seclists.org/fulldisclosure/2021/Jan/60","name":"20210122 [REVIVE-SA-2021-001] Revive Adserver Vulnerabilities","refsource":"FULLDISC","tags":["Broken Link","Mailing List","Third Party Advisory"],"title":"Full Disclosure: [REVIVE-SA-2021-001] Revive Adserver Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://packetstormsecurity.com/files/161070/Revive-Adserver-5.0.5-Cross-Site-Scripting-Open-Redirect.html","name":"http://packetstormsecurity.com/files/161070/Revive-Adserver-5.0.5-Cross-Site-Scripting-Open-Redirect.html","refsource":"MISC","tags":["Third Party Advisory","VDB Entry"],"title":"Revive Adserver 5.0.5 Cross Site Scripting / Open Redirect ≈ Packet Storm","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.revive-adserver.com/security/revive-sa-2021-001/","name":"https://www.revive-adserver.com/security/revive-sa-2021-001/","refsource":"MISC","tags":["Vendor Advisory"],"title":"Revive Adserver Security Advisory SA-2021-001","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-22873","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-22873","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"22873","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"revive-adserver","cpe5":"revive_adserver","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"22873","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"revive-adserver","cpe5":"revive_adserver","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2021-22873","ASSIGNER":"support@hackerone.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"https://github.com/revive-adserver/revive-adserver","version":{"version_data":[{"version_value":"Fixed in 5.1.0"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Open Redirect (CWE-601)"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://hackerone.com/reports/1081406","url":"https://hackerone.com/reports/1081406"},{"refsource":"MISC","name":"https://www.revive-adserver.com/security/revive-sa-2021-001/","url":"https://www.revive-adserver.com/security/revive-sa-2021-001/"},{"refsource":"MISC","name":"https://github.com/revive-adserver/revive-adserver/issues/1068","url":"https://github.com/revive-adserver/revive-adserver/issues/1068"},{"refsource":"FULLDISC","name":"20210122 [REVIVE-SA-2021-001] Revive Adserver Vulnerabilities","url":"http://seclists.org/fulldisclosure/2021/Jan/60"},{"refsource":"MISC","name":"http://packetstormsecurity.com/files/161070/Revive-Adserver-5.0.5-Cross-Site-Scripting-Open-Redirect.html","url":"http://packetstormsecurity.com/files/161070/Revive-Adserver-5.0.5-Cross-Site-Scripting-Open-Redirect.html"}]},"description":{"description_data":[{"lang":"eng","value":"Revive Adserver before 5.1.0 is vulnerable to open redirects via the `dest`, `oadest`, and/or `ct0` parameters of the lg.php and ck.php delivery scripts. Such open redirects had previously been available by design to allow third party ad servers to track such metrics when delivering ads. However, third party click tracking via redirects is not a viable option anymore, leading to such open redirect functionality being removed and reclassified as a vulnerability."}]}},"nvd":{"publishedDate":"2021-01-26 18:16:00","lastModifiedDate":"2021-02-02 15:09:00","problem_types":["CWE-601"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":6.1,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":2.7},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":5.8},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*","versionEndExcluding":"5.1.0","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"22873","Ordinal":"197606","Title":"CVE-2021-22873","CVE":"CVE-2021-22873","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"22873","Ordinal":"1","NoteData":"Revive Adserver before 5.1.0 is vulnerable to open redirects via the `dest`, `oadest`, and/or `ct0` parameters of the lg.php and ck.php delivery scripts. Such open redirects had previously been available by design to allow third party ad servers to track such metrics when delivering ads. However, third party click tracking via redirects is not a viable option anymore, leading to such open redirect functionality being removed and reclassified as a vulnerability.","Type":"Description","Title":null},{"CveYear":"2021","CveId":"22873","Ordinal":"2","NoteData":"2021-01-21","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"22873","Ordinal":"3","NoteData":"2021-01-25","Type":"Other","Title":"Modified"}]}}}