CVE-2020-36912
Unknown Unknown - Not Provided
Open Redirect in Plexus anblick Digital Signage 'PantallaLogin' Script

Publication date: 2026-01-06

Last updated on: 2026-01-06

Assigner: VulnCheck

Description
Plexus anblick Digital Signage Management 3.1.13 contains an open redirect vulnerability in the 'PantallaLogin' script that allows attackers to manipulate the 'pagina' GET parameter. Attackers can craft malicious links that redirect users to arbitrary websites by exploiting improper input validation in the parameter.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-06
Last Modified
2026-01-06
Generated
2026-06-16
AI Q&A
2026-01-06
EPSS Evaluated
2026-06-15
NVD
CVE-2020-36912
EUVD
EUVD-2026-1025
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
plexus anblick_digital_signage_management 3.1.13
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-601 The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2020-36912 is an open redirect vulnerability in Plexus anblick Digital Signage Management version 3.1.13. It occurs in the 'PantallaLogin' script where the 'pagina' GET parameter is not properly validated. Attackers can manipulate this parameter to create malicious links that redirect users from a trusted site to arbitrary, potentially harmful external websites. This can be exploited to perform phishing or spoofing attacks by tricking users into visiting untrusted sites. [1, 3]

Impact Analysis

This vulnerability can impact you by enabling attackers to redirect users to malicious websites through crafted links. This can lead to phishing attacks, where users might be tricked into providing sensitive information or downloading malware. Since the redirect happens from a trusted domain, users may be more likely to trust the malicious destination, increasing the risk of security breaches. [1, 3]

Detection Guidance

This vulnerability can be detected by monitoring HTTP requests to the 'PantallaLogin' script and inspecting the 'pagina' GET parameter for suspicious or unexpected URL redirection values. You can use network traffic analysis tools like tcpdump or Wireshark to capture HTTP requests and grep or filter for 'PantallaLogin' and 'pagina' parameters. For example, using curl to test the endpoint with crafted 'pagina' parameters to see if redirection occurs: curl -v 'http://<target>/PantallaLogin?pagina=http://malicious.example.com'. Additionally, web server logs can be searched for unusual 'pagina' parameter values that redirect to external sites. [1, 3]

Mitigation Strategies

Immediate mitigation steps include restricting or validating the 'pagina' GET parameter input to ensure it only allows internal or trusted URLs, implementing input validation or sanitization on the server side, and educating users to be cautious about clicking suspicious links. Since no vendor patch or status is provided, consider applying web application firewall (WAF) rules to block or monitor requests with suspicious 'pagina' parameter values. Also, monitor and audit logs for exploitation attempts and inform users about the risk of phishing via malicious redirects. [1, 3]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2020-36912. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart