exploitDog

CVE-2025-65237

Опубликовано: 26 нояб. 2025

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

A reflected cross-site scripted (XSS) vulnerability in OpenCode Systems USSD Gateway OC Release: 5 allows attackers to execute arbitrary JavaScript in the context of a user's browser via injecting a crafted payload.

Ссылки

https://eslam3kl.gitbook.io
Not Applicable
https://eslam3kl.gitbook.io/blog/web-application-findings/cve-2025-65237-ussd-gateway-reflected-cross-site-scripting
Exploit
Third Party Advisory
https://github.com/eslam3kl
Not Applicable
https://eslam3kl.gitbook.io/blog/web-application-findings/cve-2025-65237-ussd-gateway-reflected-cross-site-scripting
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:opencode:ussd_gateway:6.13.11:*:*:*:*:*:*:*

EPSS

Процентиль: 16%

0.0005

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-367q-hhvx-9x63

CVSS3: 6.1

github

2 месяца назад

A reflected cross-site scripted (XSS) vulnerability in OpenCode Systems USSD Gateway OC Release: 5 allows attackers to execute arbitrary JavaScript in the context of a user's browser via injecting a crafted payload.

EPSS

Процентиль: 16%

0.0005

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79