CVE-2024-39325

MEDIUM Year: 2024
CVSS v3 Score
5.3
Medium
Weakness Type
CWE-841
View all →

Vulnerability Description

aimeos/ai-controller-frontend is the Aimeos frontend controller. Prior to versions 2024.04.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15, aimeos/ai-controller-frontend doesn't reset the payment status of a user's basket after the user completes a purchase. Versions 2024.04.2, 2023.10.9, 2022.10.8, 2021.10.8, and 2020.10.15 fix this issue.

Related Vulnerabilities

CVE-2024-37296

MEDIUM
CVSS:5.3(Medium)

The Aimeos HTML client provides Aimeos HTML components for e-commerce projects. Starting in version 2020.04.1 and prior to versions 2020.10.27, 2021.10.21, 2022.10.12, 2023.10.14, and 2024.04.5, digit...

CWE-8412024

CVE-2024-6128

MEDIUM
CVSS:5.3(Medium)

A vulnerability, which was classified as problematic, has been found in spa-cartcms 1.9.0.6. This issue affects some unknown processing of the file /checkout of the component Checkout Page. The manipu...

CWE-8412024

CVE-2024-44128

MEDIUM
CVSS:5.5(Medium)

This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Ventura 13.7, macOS Sonoma 14.7, macOS Sequoia 15. An Automator Quick Action workflow may be able...

CWE-8412024

CVE-2023-1383

MEDIUM
CVSS:4.3(Medium)

An Improper Enforcement of Behavioral Workflow vulnerability in the exchangeDeviceServices function on the amzn.dmgr service allowed an attacker to register services that are only locally accessible. ...

CWE-8412023

CVE-2023-5921

HIGH
CVSS:7.1(High)

Improper Enforcement of Behavioral Workflow vulnerability in DECE Software Geodi allows Functionality Bypass.This issue affects Geodi: before 8.0.0.27396.

CWE-8412023

CVE-2025-48376

LOW
CVSS:3.5(Low)

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 9.13.9, a malicious SuperUser (Host) could craft a request to use an exte...

CWE-8412025