1. ViUR Admin Session Hijack: Open Redirect in `get_cookie_for_app` Exposed Privileged Credentials
A critical open-redirect vulnerability in the ViUR framework's `get_cookie_for_app` endpoint allowed attackers to steal admin session cookies with a single malicious link. The flaw was in the endpoint's handling of the `redirect_to` parameter, which appended the user's session cookie as a plain query parameter to any s...
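An added example, not ViUR's code or its fix: the flawed pattern described above next to an allowlist check on `redirect_to`. The hostnames, the `cookie` query key and all function names are assumptions made for illustration.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumption: redirect targets this deployment trusts (constructed hostnames).
ALLOWED_HOSTS = {"admin.example.org", "app.example.org"}


def vulnerable_redirect(redirect_to: str, session_cookie: str) -> str:
    """The flawed pattern: the credential is appended to any caller-supplied URL."""
    sep = "&" if "?" in redirect_to else "?"
    return f"{redirect_to}{sep}cookie={session_cookie}"


def is_allowed_target(redirect_to: str) -> bool:
    """Accept only absolute https URLs whose host is on the allowlist."""
    # Backslashes and control characters are parsed differently by browsers
    # and by urllib, so refuse them outright.
    if "\\" in redirect_to or any(ord(c) < 0x21 for c in redirect_to):
        return False
    try:
        parts = urlsplit(redirect_to)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    if parts.scheme != "https" or parts.username or parts.password:
        return False  # userinfo check rejects https://trusted-host@other-host/
    return parts.hostname in ALLOWED_HOSTS and port in (None, 443)


def checked_redirect(redirect_to: str, handoff_value: str) -> str:
    """Build the redirect only for allowlisted targets; raise otherwise.

    handoff_value should be a short-lived, single-use token rather than the
    session cookie itself: query strings end up in logs and Referer headers.
    """
    if not is_allowed_target(redirect_to):
        raise ValueError("redirect target not allowed")
    parts = urlsplit(redirect_to)
    query = parse_qsl(parts.query, keep_blank_values=True)
    query.append(("cookie", handoff_value))
    return urlunsplit(parts._replace(query=urlencode(query)))
```

The check compares the parsed hostname exactly, so look-alike suffixes and userinfo tricks fail closed instead of matching a substring.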