Debian Fusiondirectory vulnerabilities

4 known vulnerabilities affecting debian/fusiondirectory.

Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 3, MEDIUM 1

Vulnerabilities

CVE-2025-32807 [MEDIUM] CVSS 5.3 (2025)
fusiondirectory: A path traversal vulnerability in FusionDirectory before 1.5 allows remote attackers to read arbitrary files on the host that end with .png (and .svg or .xpm for some configurations) via the icon parameter of a GET request to geticon.php.
Scope: local. bullseye: open.
debian
CVE-2022-36179 [CRITICAL] CVSS 9.8 (2022), fixed in fusiondirectory 1.3-4+deb11u1 (bullseye)
fusiondirectory: Fusiondirectory 1.3 suffers from Improper Session Handling.
Scope: local. bullseye: resolved (fixed in 1.3-4+deb11u1).
debian
CVE-2022-36180 [CRITICAL] CVSS 9.6 (2022), fixed in fusiondirectory 1.3-4+deb11u1 (bullseye)
fusiondirectory: Fusiondirectory 1.3 is vulnerable to Cross Site Scripting (XSS) via /fusiondirectory/index.php?message=[injection], /fusiondirectory/index.php?message=invalidparameter&plug={Injection], /fusiondirectory/index.php?signout=1&message=[injection]&plug=106.
Scope: local. bullseye: resolved (fixed in 1.3-4+deb11u1).
debian
CVE-2019-11187 [CRITICAL] CVSS 9.8 (2019), fixed in fusiondirectory 1.2.3-5 (bullseye)
fusiondirectory: Incorrect Access Control in the LDAP class of GONICUS GOsa through 2019-04-11 allows an attacker to log into any account with a username containing the case-insensitive substring "success" when an arbitrary password is provided.
Scope: local. bullseye: resolved (fixed in 1.2.3-5).
debian