Aimeos Project

aimeos_project

2 CVEs • 2 products

Products (2)

Click to collapse

Toggle

Aimeos

aimeos

1 CVE

Ai Controller Frontend

ai-controller-frontend

1 CVE

CVEs (2)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-39322 1Aimeos Project 1Ai Controller Frontend Nov 21, 2024 Jul 2, 2024 N/A· v4 5.5 MEDIUM· v3 N/A· v2 aimeos/ai-admin-jsonadm is the Aimeos e-commerce JSON API for administrative tasks. In versions prior to 2020.10.13, 2021.10.6, 2022.10.3, 2023.10.4, and 2024.4.2, improper access control allows editors to remove admin g...Show more aimeos/ai-admin-jsonadm is the Aimeos e-commerce JSON API for administrative tasks. In versions prior to 2020.10.13, 2021.10.6, 2022.10.3, 2023.10.4, and 2024.4.2, improper access control allows editors to remove admin group and locale configuration in the Aimeos backend. Versions 2020.10.13, 2021.10.6, 2022.10.3, 2023.10.4, and 2024.4.2 contain a fix for the issue. Show less
CVE-2021-28380 1Aimeos Project 1Aimeos Nov 21, 2024 Mar 16, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 The aimeos (aka Aimeos shop and e-commerce framework) extension before 19.10.12 and 20.x before 20.10.5 for TYPO3 allows XSS via a backend user account.

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

CVE-2024-39322

1Aimeos Project

1Ai Controller Frontend

Nov 21, 2024

Jul 2, 2024

N/A· v4

5.5 MEDIUM· v3

N/A· v2

aimeos/ai-admin-jsonadm is the Aimeos e-commerce JSON API for administrative tasks. In versions prior to 2020.10.13, 2021.10.6, 2022.10.3, 2023.10.4, and 2024.4.2, improper access control allows editors to remove admin group and locale configuration in the Aimeos backend. Versions 2020.10.13, 2021.10.6, 2022.10.3, 2023.10.4, and 2024.4.2 contain a fix for the issue. Show less

CVE-2021-28380

1Aimeos Project

1Aimeos

Nov 21, 2024

Mar 16, 2021

N/A· v4

5.4 MEDIUM· v3

3.5 LOW· v2

The aimeos (aka Aimeos shop and e-commerce framework) extension before 19.10.12 and 20.x before 20.10.5 for TYPO3 allows XSS via a backend user account.