agXchange ESM - 'ucschcancelproc.jsp' Open Redirection

EDB-ID:

33779

CVE:

N/A

Author:

Lament

Type:

webapps

Platform:

JSP

Published:

2010-03-22

source: https://www.securityfocus.com/bid/38879/info

agXchange ESM is prone to an open-redirection vulnerability because the application fails to properly sanitize user-supplied input.

A successful exploit may aid in phishing attacks; other attacks are possible. 

http://www.example.com/[agx_application]/pages/ucschcancelproc.jsp?returnpage=http://www.RedirectExample.com