Ussd Gateway
by Opencode
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-70614 | Hig | 0.53 | 8.1 | 0.00 | Mar 5, 2026 | OpenCode Systems OC Messaging / USSD Gateway OC Release 6.32.2 contains a broken access control vulnerability in the web-based control panel allowing authenticated low-privileged attackers to gain to access to arbitrary SMS messages via a crafted company or tenant identifier… | ||
| CVE-2025-65235 | 0.00 | — | 0.00 | Nov 26, 2025 | OpenCode Systems USSD Gateway OC Release: 5 Version 6.13.11 was discovered to contain a SQL injection vulnerability via the ID parameter in the getSubUsersByProvider function. | |||
| CVE-2025-65237 | 0.00 | — | 0.00 | Nov 26, 2025 | A reflected cross-site scripted (XSS) vulnerability in OpenCode Systems USSD Gateway OC Release: 5 allows attackers to execute arbitrary JavaScript in the context of a user's browser via injecting a crafted payload. | |||
| CVE-2025-65238 | 0.00 | — | 0.00 | Nov 26, 2025 | Incorrect access control in the getSubUsersByProvider function of OpenCode Systems USSD Gateway OC Release: 5 Version 6.13.11 allows attackers with low-level privileges to dump user records and access sensitive information. | |||
| CVE-2025-65239 | 0.00 | — | 0.00 | Nov 26, 2025 | Incorrect access control in the /aux1/ocussd/trace endpoint of OpenCode Systems USSD Gateway OC Release:5, version 6.13.11 allows attackers with low-level privileges to read server logs. | |||
| CVE-2025-65236 | 0.00 | — | 0.00 | Nov 26, 2025 | OpenCode Systems USSD Gateway OC Release: 5 was discovered to contain a SQL injection vulnerability via the Session ID parameter in the /occontrolpanel/index.php endpoint. |
- risk 0.53cvss 8.1epss 0.00
OpenCode Systems OC Messaging / USSD Gateway OC Release 6.32.2 contains a broken access control vulnerability in the web-based control panel allowing authenticated low-privileged attackers to gain to access to arbitrary SMS messages via a crafted company or tenant identifier…
- CVE-2025-65235Nov 26, 2025risk 0.00cvss —epss 0.00
OpenCode Systems USSD Gateway OC Release: 5 Version 6.13.11 was discovered to contain a SQL injection vulnerability via the ID parameter in the getSubUsersByProvider function.
- CVE-2025-65237Nov 26, 2025risk 0.00cvss —epss 0.00
A reflected cross-site scripted (XSS) vulnerability in OpenCode Systems USSD Gateway OC Release: 5 allows attackers to execute arbitrary JavaScript in the context of a user's browser via injecting a crafted payload.
- CVE-2025-65238Nov 26, 2025risk 0.00cvss —epss 0.00
Incorrect access control in the getSubUsersByProvider function of OpenCode Systems USSD Gateway OC Release: 5 Version 6.13.11 allows attackers with low-level privileges to dump user records and access sensitive information.
- CVE-2025-65239Nov 26, 2025risk 0.00cvss —epss 0.00
Incorrect access control in the /aux1/ocussd/trace endpoint of OpenCode Systems USSD Gateway OC Release:5, version 6.13.11 allows attackers with low-level privileges to read server logs.
- CVE-2025-65236Nov 26, 2025risk 0.00cvss —epss 0.00
OpenCode Systems USSD Gateway OC Release: 5 was discovered to contain a SQL injection vulnerability via the Session ID parameter in the /occontrolpanel/index.php endpoint.