99 matches found
CVE-2025-65237
A reflected cross-site scripted XSS vulnerability in OpenCode Systems USSD Gateway OC Release: 5 allows attackers to execute arbitrary JavaScript in the context of a user's browser via injecting a crafted payload...
EUVD-2025-199725
Incorrect access control in the /aux1/ocussd/trace endpoint of OpenCode Systems USSD Gateway OC Release:5, version 6.13.11 allows attackers with low-level privileges to read server logs...
EUVD-2025-199722
A reflected cross-site scripted XSS vulnerability in OpenCode Systems USSD Gateway OC Release: 5 allows attackers to execute arbitrary JavaScript in the context of a user's browser via injecting a crafted payload...
EUVD-2025-199721
OpenCode Systems USSD Gateway OC Release: 5 was discovered to contain a SQL injection vulnerability via the Session ID parameter in the /occontrolpanel/index.php endpoint...
EUVD-2025-199724
OpenCode Systems USSD Gateway OC Release: 5 Version 6.13.11 was discovered to contain a SQL injection vulnerability via the ID parameter in the getSubUsersByProvider function...
CVE-2025-65238
Incorrect access control in the getSubUsersByProvider function of OpenCode Systems USSD Gateway OC Release: 5 Version 6.13.11 allows attackers with low-level privileges to dump user records and access sensitive information...
CVE-2025-65236
OpenCode Systems USSD Gateway OC Release: 5 was discovered to contain a SQL injection vulnerability via the Session ID parameter in the /occontrolpanel/index.php endpoint...
CVE-2025-65239
Incorrect access control in the /aux1/ocussd/trace endpoint of OpenCode Systems USSD Gateway OC Release:5, version 6.13.11 allows attackers with low-level privileges to read server logs...
CVE-2025-65237
A reflected cross-site scripted XSS vulnerability in OpenCode Systems USSD Gateway OC Release: 5 allows attackers to execute arbitrary JavaScript in the context of a user's browser via injecting a crafted payload...
CVE-2025-65239
Incorrect access control in the /aux1/ocussd/trace endpoint of OpenCode Systems USSD Gateway OC Release:5, version 6.13.11 allows attackers with low-level privileges to read server logs...
CVE-2025-65236
OpenCode Systems USSD Gateway OC Release: 5 was discovered to contain a SQL injection vulnerability via the Session ID parameter in the /occontrolpanel/index.php endpoint...
CVE-2025-65235
OpenCode Systems USSD Gateway OC Release: 5 Version 6.13.11 was discovered to contain a SQL injection vulnerability via the ID parameter in the getSubUsersByProvider function...
OpenCode USSD Gateway 安全漏洞
OpenCode USSD Gateway is an OpenCode open source gateway software for processing and managing USSD messages. A security vulnerability exists in OpenCode USSD Gateway, which stems from improper access control of the /aux1/ocussd/trace endpoint, which could allow a low-privileged attacker to read...
CVE-2025-65237
OpenCode Systems USSD Gateway OC Release 5 is affected by a reflected XSS vulnerability that lets an attacker inject arbitrary JavaScript into a user’s browser by sending a crafted payload. The issue is documented across multiple sources (e.g., Red Hat CVE entry and NVD) with a CVSSv3.1 base scor...
OpenCode USSD Gateway 安全漏洞
OpenCode USSD Gateway is an OpenCode open source gateway software for processing and managing USSD messages. A security vulnerability exists in OpenCode USSD Gateway, which stems from reflective cross-site scripting and could lead to an attacker executing arbitrary JavaScript in a user's browser...
CVE-2025-65236
OpenCode Systems USSD Gateway OC Release: 5 was discovered to contain a SQL injection vulnerability via the Session ID parameter in the /occontrolpanel/index.php endpoint...
CVE-2025-65237
A reflected cross-site scripted XSS vulnerability in OpenCode Systems USSD Gateway OC Release: 5 allows attackers to execute arbitrary JavaScript in the context of a user's browser via injecting a crafted payload...
CVE-2025-65236
CVE-2025-65236 affects OpenCode Systems USSD Gateway OC Release 5. The issue is a SQL injection via the Session ID parameter in the endpoint /occontrolpanel/index.php . CVSS v3.1 base score is 9.8 (CRITICAL) with network attack vector, no user interaction, and no privileges required; impacts incl...
PT-2025-48158
OpenCode Systems USSD Gateway OC Release: 5 was discovered to contain a SQL injection vulnerability via the Session ID parameter in the /occontrolpanel/index.php endpoint...
PT-2025-48155
Name of the Vulnerable Software and Affected Versions OpenCode Systems USSD Gateway OC Release:5 version 6.13.11 Description A flaw exists in access control within the /aux1/ocussd/trace endpoint of OpenCode Systems USSD Gateway OC Release:5. This allows attackers with limited privileges to acces...