FusionDirectory
Source repositories
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-32807 | Med | 0.27 | 5.3 | 0.01 | Apr 11, 2025 | A path traversal vulnerability in FusionDirectory before 1.5 allows remote attackers to read arbitrary files on the host that end with .png (and .svg or .xpm for some configurations) via the icon parameter of a GET request to geticon.php. | ||
| CVE-2022-36179 | 0.00 | — | 0.01 | Nov 22, 2022 | Fusiondirectory 1.3 suffers from Improper Session Handling. | |||
| CVE-2022-36180 | 0.00 | — | 0.01 | Nov 22, 2022 | Fusiondirectory 1.3 is vulnerable to Cross Site Scripting (XSS) via /fusiondirectory/index.php?message=[injection], /fusiondirectory/index.php?message=invalidparameter&plug={Injection], /fusiondirectory/index.php?signout=1&message=[injection]&plug=106. |
- risk 0.27cvss 5.3epss 0.01
A path traversal vulnerability in FusionDirectory before 1.5 allows remote attackers to read arbitrary files on the host that end with .png (and .svg or .xpm for some configurations) via the icon parameter of a GET request to geticon.php.
- CVE-2022-36179Nov 22, 2022risk 0.00cvss —epss 0.01
Fusiondirectory 1.3 suffers from Improper Session Handling.
- CVE-2022-36180Nov 22, 2022risk 0.00cvss —epss 0.01
Fusiondirectory 1.3 is vulnerable to Cross Site Scripting (XSS) via /fusiondirectory/index.php?message=[injection], /fusiondirectory/index.php?message=invalidparameter&plug={Injection], /fusiondirectory/index.php?signout=1&message=[injection]&plug=106.