In LuxSoft LuxCal Web Calendar before 5.2.0, an unauthenticated attacker can manipulate a cookie value. This allows the attacker's session to be authenticated as any registered LuxCal user, including the site administrator.Referenceshttps://github.com/h1pmnhhttps://twitter.com/h1pmnhhttps://www.luxsoft.eu/index.php?pge=dloadhttps://h1pmnh.github.io/post/cve-luxcal-2021/
