CVE-2025-65237

Severity CVSS v4.0:

Pending analysis

Type:

Unavailable / Other

Publication date:

26/11/2025

Last modified:

26/11/2025

Description

A reflected cross-site scripted (XSS) vulnerability in OpenCode Systems USSD Gateway OC Release: 5 allows attackers to execute arbitrary JavaScript in the context of a user&#39;s browser via injecting a crafted payload.

Impact

References to Advisories, Solutions, and Tools

https://eslam3kl.gitbook.io
https://eslam3kl.gitbook.io/blog/web-application-findings/cve-2025-65237-ussd-gateway-reflected-cross-site-scripting
https://github.com/eslam3kl