Vendor
Fusiondirectory
Products
2
CVEs
3
Across products
4
Status
Private
Products
2- 3 CVEs
- 1 CVE
Recent CVEs
3| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-36179 | Cri | 0.64 | 9.8 | 0.01 | Nov 22, 2022 | Fusiondirectory 1.3 suffers from Improper Session Handling. | ||
| CVE-2022-36180 | Cri | 0.62 | 9.6 | 0.01 | Nov 22, 2022 | Fusiondirectory 1.3 is vulnerable to Cross Site Scripting (XSS) via /fusiondirectory/index.php?message=[injection], /fusiondirectory/index.php?message=invalidparameter&plug={Injection], /fusiondirectory/index.php?signout=1&message=[injection]&plug=106. | ||
| CVE-2025-32807 | Med | 0.27 | 5.3 | 0.01 | Apr 11, 2025 | A path traversal vulnerability in FusionDirectory before 1.5 allows remote attackers to read arbitrary files on the host that end with .png (and .svg or .xpm for some configurations) via the icon parameter of a GET request to geticon.php. |
- risk 0.64cvss 9.8epss 0.01
Fusiondirectory 1.3 suffers from Improper Session Handling.
- risk 0.62cvss 9.6epss 0.01
Fusiondirectory 1.3 is vulnerable to Cross Site Scripting (XSS) via /fusiondirectory/index.php?message=[injection], /fusiondirectory/index.php?message=invalidparameter&plug={Injection], /fusiondirectory/index.php?signout=1&message=[injection]&plug=106.
- risk 0.27cvss 5.3epss 0.01
A path traversal vulnerability in FusionDirectory before 1.5 allows remote attackers to read arbitrary files on the host that end with .png (and .svg or .xpm for some configurations) via the icon parameter of a GET request to geticon.php.