MidnightBSD

Advisories for fusiondirectory

CVE-2022-36179

Fusiondirectory 1.3 suffers from Improper Session Handling.

Products Affected

Vendor Product Version
fusiondirectory fusiondirectory 1.3
CVE-2022-36180

Fusiondirectory 1.3 is vulnerable to Cross Site Scripting (XSS) via /fusiondirectory/index.php?message=[injection], /fusiondirectory/index.php?message=invalidparameter&plug={Injection], /fusiondirectory/index.php?signout=1&message=[injection]&plug=106.

Products Affected

Vendor Product Version
fusiondirectory fusiondirectory 1.3