CVE-2022-36180 — Cross-site Scripting in Fusiondirectory

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

9.6CRITICALNVD

EPSS

0.2%

top 63.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fusiondirectory Debian Fusiondirectory

Timeline

PublishedNov 22

Description

Fusiondirectory 1.3 is vulnerable to Cross Site Scripting (XSS) via /fusiondirectory/index.php?message=[injection], /fusiondirectory/index.php?message=invalidparameter&plug={Injection], /fusiondirectory/index.php?signout=1&message=[injection]&plug=106.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:HExploitability: 2.8 | Impact: 6.0

Affected Packages3 packages

▶debiandebian/fusiondirectory< fusiondirectory 1.3-4+deb11u1 (bullseye)

▶Debianfusiondirectory/fusiondirectory< 1.3-4+deb11u1

▶NVDfusiondirectory/fusiondirectory1.3

🔴Vulnerability Details

GHSA

GHSA-f585-354r-gp9r: Fusiondirectory 1↗2022-11-22

▶

OSV

CVE-2022-36180: Fusiondirectory 1↗2022-11-22

▶

📋Vendor Advisories

Debian

CVE-2022-36180: fusiondirectory - Fusiondirectory 1.3 is vulnerable to Cross Site Scripting (XSS) via /fusiondirec...↗2022

▶