VYPR
Unrated severityNVD Advisory· Published Dec 23, 2025· Updated Mar 5, 2026

Orangescrum 1.8.0 Authenticated Privilege Escalation via User Session Manipulation

CVE-2021-47721

Description

Orangescrum 1.8.0 contains a privilege escalation vulnerability that allows authenticated users to take over other project-assigned accounts by manipulating session cookies. Attackers can extract the victim's unique ID from the page source and replace their own session cookie to gain unauthorized access to another user's account.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.