{
  "affected": [
    {
      "ranges": [
        {
          "database_specific": {
            "versions": [
              {
                "introduced": "0"
              },
              {
                "last_affected": "0.2.1"
              }
            ]
          },
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "1a84d1ca22b8651f180aea5058429216ee1fb990"
            }
          ],
          "repo": "https://github.com/micropyramid/django-crm",
          "type": "GIT"
        }
      ]
    }
  ],
  "details": "Multiple cross-site request forgery (CSRF) issues exist in MicroPyramid Django CRM 0.2.1 via the endpoints /change-password-by-admin/, /api/settings/add/, /cases/create/, /comment/add/, /documents/1/view/, /documents/create/, /opportunities/create/, and /login/.",
  "id": "CVE-2019-11457",
  "modified": "2026-03-15T13:50:58.215246540Z",
  "published": "2019-08-27T15:15:11.367Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "http://packetstormsecurity.com/files/154219/Django-CRM-0.2.1-Cross-Site-Request-Forgery.html"
    },
    {
      "type": "ADVISORY",
      "url": "http://seclists.org/fulldisclosure/2019/Aug/30"
    },
    {
      "type": "ADVISORY",
      "url": "https://www.netsparker.com/blog/web-security/"
    }
  ],
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}