VYPR
Vendor

Fusiondirectory

Products
2
CVEs
3
Across products
4
Status
Private

Products

2

Recent CVEs

3
  • CVE-2022-36179CriNov 22, 2022
    risk 0.64cvss 9.8epss 0.01

    Fusiondirectory 1.3 suffers from Improper Session Handling.

  • CVE-2022-36180CriNov 22, 2022
    risk 0.62cvss 9.6epss 0.01

    Fusiondirectory 1.3 is vulnerable to Cross Site Scripting (XSS) via /fusiondirectory/index.php?message=[injection], /fusiondirectory/index.php?message=invalidparameter&plug={Injection], /fusiondirectory/index.php?signout=1&message=[injection]&plug=106.

  • CVE-2025-32807MedApr 11, 2025
    risk 0.27cvss 5.3epss 0.01

    A path traversal vulnerability in FusionDirectory before 1.5 allows remote attackers to read arbitrary files on the host that end with .png (and .svg or .xpm for some configurations) via the icon parameter of a GET request to geticon.php.