Aggregates CVE and security vulnerability intelligence across all fusiondirectory-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Disclosed issues often relate to vendor risk cross-site scripting and vendor risk path handling; exposure may include vendor impact session compromise in vendor surface software deployment contexts.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-32807 | A path traversal vulnerability in FusionDirectory before 1.5 allows remote attackers to read arbitrary files on the host that end with .png (and .svg or .xpm for some configurations) via the icon parameter of a GET request to geticon.php. | [email protected] | 5.3 | 0.59% | 2025-04-10 | 2026-06-17 |
| CVE-2022-36180 | Fusiondirectory 1.3 is vulnerable to Cross Site Scripting (XSS) via /fusiondirectory/index.php?message=[injection], /fusiondirectory/index.php?message=invalidparameter&plug={Injection], /fusiondirectory/index.php?signout=1&message=[injection]&plug=106. | [email protected] | 9.6 | 0.88% | 2022-11-21 | 2026-07-08 |
| CVE-2022-36179 | Fusiondirectory 1.3 suffers from Improper Session Handling. | [email protected] | 9.8 | 0.93% | 2022-11-21 | 2026-07-08 |