Open Redirect Vulnerability in Plexus anblick Digital Signage Management
CVE-2020-36912

5.1MEDIUM

Key Information:

Vendor

Plexus

Status
Plexus Anblick Digital Signage Management
Vendor
CVE Published:
6 January 2026

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2020-36912?

The Plexus anblick Digital Signage Management version 3.1.13 contains a significant open redirect vulnerability within the 'PantallaLogin' script. This flaw arises from inadequate validation of the 'pagina' GET parameter, enabling attackers to forge malicious links. Such manipulation can redirect unsuspecting users to arbitrary websites, potentially exposing them to phishing attacks or malware. Addressing this vulnerability is crucial for maintaining the security integrity of web applications and protecting user information.

Affected Version(s)

Plexus anblick Digital Signage Management 3.1.13

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2020-36912 - Proof of Concept

References

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-55...
third-party-advisory
https://packetstormsecurity.com/files/158473
exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/185521
vdb-entry

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

LiquidWorm as Gjoko Krstic of Zero Science Lab
JSON
.
CVE-2020-36912 : Open Redirect Vulnerability in Plexus anblick Digital Signage Management