CVE-2015-5081
django-cms CSRF Vulnerability
CVSS 3.1: 8.8 (HIGH)
EPSS: 0.20%
Description
Cross-site request forgery (CSRF) vulnerability in django CMS before 3.0.14, 3.1.x before 3.1.1 allows remote attackers to manipulate privileged users into performing unknown actions via unspecified vectors.
How to fix CVE-2015-5081
To remediate CVE-2015-5081, upgrade the affected package to one of the fixed versions listed below.
- PyPI/django-cms—upgrade to 3.0.14 or later
- —upgrade to f77cbc607d6e2a62e63287d37ad320109a2cc78a or later
Is CVE-2015-5081 being exploited?
Low. EPSS is 0.2%, which is a low estimated probability of exploitation; exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 3.0.14
- from 0, < f77cbc607d6e2a62e63287d37ad320109a2cc78a | from 0, < 3.0.14, >= 3.1, < 3.1.1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N |
| osv | CVSS 3.1 | HIGH 8.8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |