How severe is CVE-2024-37296?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2024-37296?

This is classified as CWE-841, which is a common weakness in software security.

CVE-2024-37296 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

The Aimeos HTML client provides Aimeos HTML components for e-commerce projects. Starting in version 2020.04.1 and prior to versions 2020.10.27, 2021.10.21, 2022.10.12, 2023.10.14, and 2024.04.5, digital downloads sold in online shops can be downloaded without valid payment, e.g. if the payment didn't succeed. Versions 2020.10.27, 2021.10.21, 2022.10.12, 2023.10.14, and 2024.04.5 fix this issue.

Related Vulnerabilities

CVE-2024-39325

MEDIUM

CVSS:5.3(Medium)

aimeos/ai-controller-frontend is the Aimeos frontend controller. Prior to versions 2024.04.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15, aimeos/ai-controller-frontend doesn't reset the payment s...

CWE-8412024

CVE-2024-6128

MEDIUM

CVSS:5.3(Medium)

A vulnerability, which was classified as problematic, has been found in spa-cartcms 1.9.0.6. This issue affects some unknown processing of the file /checkout of the component Checkout Page. The manipu...

CWE-8412024

CVE-2024-44128

MEDIUM

CVSS:5.5(Medium)

This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An Automator Quick Action workflow may be able...

CWE-8412024

CVE-2023-1383

MEDIUM

CVSS:4.3(Medium)

An Improper Enforcement of Behavioral Workflow vulnerability in the exchangeDeviceServices function on the amzn.dmgr service allowed an attacker to register services that are only locally accessible. ...

CWE-8412023

CVE-2023-5921

HIGH

CVSS:7.1(High)

Improper Enforcement of Behavioral Workflow vulnerability in DECE Software Geodi allows Functionality Bypass.This issue affects Geodi: before 8.0.0.27396.

CWE-8412023

CVE-2025-48376

LOW

CVSS:3.5(Low)

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 9.13.9, a malicious SuperUser (Host) could craft a request to use an exte...

CWE-8412025