← Back

Opencode

opencode

6 CVEs • 1 product

Products (1)

Click to collapse
Toggle
Ussd Gateway
ussd_gateway
6 CVEs

CVEs (6)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2025-70614
1Opencode
1Ussd Gateway
May 6, 2026
Mar 5, 2026
N/A· v4
8.1 HIGH· v3
N/A· v2
OpenCode Systems OC Messaging / USSD Gateway OC Release 6.32.2 contains a broken access control vulnerability in the web-based control panel allowing authenticated low-privileged attackers to gain to access to arbitrary...Show more
OpenCode Systems OC Messaging / USSD Gateway OC Release 6.32.2 contains a broken access control vulnerability in the web-based control panel allowing authenticated low-privileged attackers to gain to access to arbitrary SMS messages via a crafted company or tenant identifier parameter.Show less
CVE-2025-65239
1Opencode
1Ussd Gateway
Dec 30, 2025
Nov 26, 2025
N/A· v4
4.3 MEDIUM· v3
N/A· v2
Incorrect access control in the /aux1/ocussd/trace endpoint of OpenCode Systems USSD Gateway OC Release:5, version 6.13.11 allows attackers with low-level privileges to read server logs.
CVE-2025-65238
1Opencode
1Ussd Gateway
Jan 2, 2026
Nov 26, 2025
N/A· v4
6.5 MEDIUM· v3
N/A· v2
Incorrect access control in the getSubUsersByProvider function of OpenCode Systems USSD Gateway OC Release: 5 Version 6.13.11 allows attackers with low-level privileges to dump user records and access sensitive informati...Show more
Incorrect access control in the getSubUsersByProvider function of OpenCode Systems USSD Gateway OC Release: 5 Version 6.13.11 allows attackers with low-level privileges to dump user records and access sensitive information.Show less
CVE-2025-65237
1Opencode
1Ussd Gateway
Jan 2, 2026
Nov 26, 2025
N/A· v4
6.1 MEDIUM· v3
N/A· v2
A reflected cross-site scripted (XSS) vulnerability in OpenCode Systems USSD Gateway OC Release: 5 allows attackers to execute arbitrary JavaScript in the context of a user's browser via injecting a crafted payload.
CVE-2025-65236
1Opencode
1Ussd Gateway
Jan 2, 2026
Nov 26, 2025
N/A· v4
9.8 CRITICAL· v3
N/A· v2
OpenCode Systems USSD Gateway OC Release: 5 was discovered to contain a SQL injection vulnerability via the Session ID parameter in the /occontrolpanel/index.php endpoint.
CVE-2025-65235
1Opencode
1Ussd Gateway
Jan 2, 2026
Nov 26, 2025
N/A· v4
9.8 CRITICAL· v3
N/A· v2
OpenCode Systems USSD Gateway OC Release: 5 Version 6.13.11 was discovered to contain a SQL injection vulnerability via the ID parameter in the getSubUsersByProvider function.