EIP-2026-102454
PRE-CVEagXchange ESM - 'ucschcancelproc.jsp' Open Redirection
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-102454. PoCs published by Lament.
AI-analyzed exploit summary This is a writeup describing an open-redirection vulnerability in agXchange ESM. The application fails to sanitize user-supplied input in the 'returnpage' parameter, allowing attackers to redirect users to arbitrary URLs.
Description
agXchange ESM - 'ucschcancelproc.jsp' Open Redirection
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Lament · textwebappsjsp
https://www.exploit-db.com/exploits/33779
This is a writeup describing an open-redirection vulnerability in agXchange ESM. The application fails to sanitize user-supplied input in the 'returnpage' parameter, allowing attackers to redirect users to arbitrary URLs.
Classification
Writeup 90%
Attack Type
Other
Complexity
Trivial
Reliability
Reliable
Target:
agXchange ESM
No auth needed
Prerequisites:
Access to the vulnerable application
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026