fusiondirectory CVE Vulnerabilities & CVE List (3)

Products (CPE): — CVEs: 3

fusiondirectory vulnerability overview

Aggregates CVE and security vulnerability intelligence across all fusiondirectory-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.

Disclosed issues often relate to vendor risk cross-site scripting and vendor risk path handling; exposure may include vendor impact session compromise in vendor surface software deployment contexts.

Vulnerability distribution trend (last 24 months)

Showing 13 of 3 CVEs
«« First « Prev Page 1 / 1 Next »
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2025-32807 A path traversal vulnerability in FusionDirectory before 1.5 allows remote attackers to read arbitrary files on the host that end with .png (and .svg or .xpm for some configurations) via the icon parameter of a GET request to geticon.php. [email protected] 5.3 0.59% 2025-04-10 2026-06-17
CVE-2022-36180 Fusiondirectory 1.3 is vulnerable to Cross Site Scripting (XSS) via /fusiondirectory/index.php?message=[injection], /fusiondirectory/index.php?message=invalidparameter&plug={Injection], /fusiondirectory/index.php?signout=1&message=[injection]&plug=106. [email protected] 9.6 0.88% 2022-11-21 2026-07-08
CVE-2022-36179 Fusiondirectory 1.3 suffers from Improper Session Handling. [email protected] 9.8 0.93% 2022-11-21 2026-07-08
«« First « Prev Page 1 / 1 Next »
cvelogic Threat Intelligence