VulnerableCode Package Details - pkg:pypi/django-cms@3.0.6

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:pypi/django-cms@3.0.6

Essentials
History (1)

purl	pkg:pypi/django-cms@3.0.6

Next non-vulnerable version	3.0.14
Latest non-vulnerable version	3.7.4
Risk

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-8yrk-ntfb-d7e1 Aliases: CVE-2015-5081 PYSEC-2017-11	Cross-site request forgery (CSRF) vulnerability in django CMS before 3.0.14, 3.1.x before 3.1.1 allows remote attackers to manipulate privileged users into performing unknown actions via unspecified vectors.	3.0.14 Affected by 0 other vulnerabilities. 3.1.1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-8yrk-ntfb-d7e1
Aliases:
CVE-2015-5081
PYSEC-2017-11

Cross-site request forgery (CSRF) vulnerability in django CMS before 3.0.14, 3.1.x before 3.1.1 allows remote attackers to manipulate privileged users into performing unknown actions via unspecified vectors.

3.0.14
Affected by 0 other vulnerabilities.

3.1.1
Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-02T04:04:41.704680+00:00	Pypa Importer	Affected by	VCID-8yrk-ntfb-d7e1	https://github.com/pypa/advisory-database/blob/main/vulns/django-cms/PYSEC-2017-11.yaml	38.6.0