Approved changes feed: RSS · Atom

cpe:2.3:a:aimeos:ai-client-html:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorAimeos (b4d165b0-ea44-5b6c-9214-9c2f903ffab7)
ProductAi Client Html (4510a013-566b-5af9-8987-5ad351de54a4)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from gcve-enriched-dumps CVE data

PURL mappings

PURLSourceLast updated
No PURL mappings for this CPE yet.

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2024-38516 vulnerable 2026-06-08 06:41:47.614298 Aimeos HTML client may potentially reveal sensitive information in error log
HIGH (8.8)
ai-client-html is an Aimeos e-commerce HTML client component. Debug information revealed sensitive information from environment variables in error log. This issue has been patched in versions 2024.04.7, 2023.10.15, 2022.10.13 and 2021.10.22.
Published: 2024-06-25T20:08:50.779Z
Updated: 2024-08-02T04:12:25.172Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-37296 vulnerable 2026-06-08 06:39:47.070732 Aimeos HTML client vulnerable to digital products download without proper payment status check
MEDIUM (5.3)
The Aimeos HTML client provides Aimeos HTML components for e-commerce projects. Starting in version 2020.04.1 and prior to versions 2020.10.27, 2021.10.21, 2022.10.12, 2023.10.14, and 2024.04.5, digital downloads sold in online shops can be downloaded without valid payment, e.g. if the payment didn't succeed. Versions 2020.10.27, 2021.10.21, 2022.10.12, 2023.10.14, and 2024.04.5 fix this issue.
Published: 2024-06-11T14:43:39.391Z
Updated: 2024-08-02T03:50:56.097Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.