CVE-2021-47721 Orangescrum 1.8.0 Authenticated Privilege Escalation via User Session Manipulation
Orangescrum 1.8.0 contains a privilege escalation vulnerability that allows authenticated users to take over other project-assigned accounts by manipulating session cookies. Attackers can extract the victim's unique ID from the page source and replace their own session cookie to gain unauthorized...