Описание
Cross-site request forgery (CSRF) vulnerability in django CMS before 3.0.14, 3.1.x before 3.1.1 allows remote attackers to manipulate privileged users into performing unknown actions via unspecified vectors.
Ссылки
- Mailing ListThird Party Advisory
- Third Party Advisory
- Release NotesVendor Advisory
- Mailing ListThird Party Advisory
- Third Party Advisory
- Release NotesVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 3.0.13 (включая)
Одно из
cpe:2.3:a:django-cms:django_cms:*:*:*:*:*:*:*:*
cpe:2.3:a:django-cms:django_cms:3.1:*:*:*:*:*:*:*
EPSS
Процентиль: 41%
0.00196
Низкий
8.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-352
Связанные уязвимости
CVSS3: 4.7
redhat
больше 8 лет назад
Cross-site request forgery (CSRF) vulnerability in django CMS before 3.0.14, 3.1.x before 3.1.1 allows remote attackers to manipulate privileged users into performing unknown actions via unspecified vectors.
CVSS3: 8.8
debian
больше 8 лет назад
Cross-site request forgery (CSRF) vulnerability in django CMS before 3 ...
EPSS
Процентиль: 41%
0.00196
Низкий
8.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-352