Unrated severity · NVD Advisory · Published Dec 23, 2025 · Updated Mar 5, 2026
Orangescrum 1.8.0 Authenticated Privilege Escalation via User Session Manipulation
CVE-2021-47721
Description
Orangescrum 1.8.0 contains a privilege escalation vulnerability that allows authenticated users to take over other project-assigned accounts by manipulating session cookies. Attackers can extract the victim's unique ID from the page source and replace their own session cookie to gain unauthorized access to another user's account.
Affected products
- (no CPE) range: <=1.8.0
- (no CPE) range: 1.8.0
References
- www.exploit-db.com/exploits/50551 (mitre, exploit)
- www.vulncheck.com/advisories/orangescrum-authenticated-privilege-escalation-via-user-session-manipulation (mitre, third-party-advisory)
- www.orangescrum.org (mitre, product)