VulnerableCode Package Details - pkg:deb/debian/fusiondirectory@1.2.3-4%2Bdeb10u1

Search for packages

Vulnerability	Summary	Fixed by
VCID-6uq5-8b85-7qc3 Aliases: CVE-2022-36179	Fusiondirectory 1.3 suffers from Improper Session Handling.	1.3-4+deb11u1 Affected by 0 other vulnerabilities.
VCID-9gy1-x64d-a7d7 Aliases: CVE-2022-36180	Fusiondirectory 1.3 is vulnerable to Cross Site Scripting (XSS) via /fusiondirectory/index.php?message=[injection], /fusiondirectory/index.php?message=invalidparameter&plug={Injection], /fusiondirectory/index.php?signout=1&message=[injection]&plug=106.	1.3-4+deb11u1 Affected by 0 other vulnerabilities.
VCID-vppv-uve4-bqbx Aliases: CVE-2019-11187	Incorrect Access Control in the LDAP class of GONICUS GOsa through 2019-04-11 allows an attacker to log into any account with a username containing the case-insensitive substring "success" when an arbitrary password is provided.	1.3-4+deb11u1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-6uq5-8b85-7qc3
Aliases:
CVE-2022-36179

Fusiondirectory 1.3 suffers from Improper Session Handling.

1.3-4+deb11u1
Affected by 0 other vulnerabilities.

VCID-9gy1-x64d-a7d7
Aliases:
CVE-2022-36180

Fusiondirectory 1.3 is vulnerable to Cross Site Scripting (XSS) via /fusiondirectory/index.php?message=[injection], /fusiondirectory/index.php?message=invalidparameter&plug={Injection], /fusiondirectory/index.php?signout=1&message=[injection]&plug=106.

1.3-4+deb11u1
Affected by 0 other vulnerabilities.

VCID-vppv-uve4-bqbx
Aliases:
CVE-2019-11187

Incorrect Access Control in the LDAP class of GONICUS GOsa through 2019-04-11 allows an attacker to log into any account with a username containing the case-insensitive substring "success" when an arbitrary password is provided.

1.3-4+deb11u1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T00:35:41.848819+00:00	Debian Oval Importer	Affected by	VCID-vppv-uve4-bqbx	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-16T00:06:42.796735+00:00	Debian Oval Importer	Affected by	VCID-6uq5-8b85-7qc3	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T22:41:56.415133+00:00	Debian Oval Importer	Affected by	VCID-9gy1-x64d-a7d7	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-12T00:08:50.073353+00:00	Debian Oval Importer	Affected by	VCID-vppv-uve4-bqbx	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T23:40:43.223779+00:00	Debian Oval Importer	Affected by	VCID-6uq5-8b85-7qc3	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T22:18:34.017450+00:00	Debian Oval Importer	Affected by	VCID-9gy1-x64d-a7d7	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-08T23:39:55.375319+00:00	Debian Oval Importer	Affected by	VCID-vppv-uve4-bqbx	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T23:13:12.669014+00:00	Debian Oval Importer	Affected by	VCID-6uq5-8b85-7qc3	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T21:54:42.894611+00:00	Debian Oval Importer	Affected by	VCID-9gy1-x64d-a7d7	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0