CVE-2025-65237: USSD Gateway Reflected Cross-Site Scripting Description Reflected Cross-Site Scripting in the USSD Gateway application offered by OpenCode Systems allows the user who has access to the vulnerable function to execute JavaScript code against the victim. Application Details Name: USSD Gateway Vendor: OpenCode Systems Version: OC Release 5 - Version 6.13.11 Technical Details Vulnerable Endpoint: /occontrolpanel/index.php?w=ocussd&m=sessions&a=list_sessions&flt_sessid= Vulnerable Parameter: flt_sessid Payload Sample: flt_sessid=6"> Exploitation This vulnerability is a chain of 2 vulnerabilities to convert self XSS to reflected XSS. The server assigns cookies to the user after being logged in without specifying the same site value to lax, allowing the attacker to convert the request from GET to POST to bypass the CSRF verification parameter in the POST body. By converting the request from POST to GET and removing the verification parameter's value for the CSRF or even the whole parameter and sending it again, a vulnerable URL can be shared with different users. Nuclei Template ```yaml id: ocpnanel-ussdgw-xss info: name: USSD Gateway OCP Control Panel Reflected XSS author: Eslam Ali Ak1 @eslam3kl severity: Medium description: | Reflected XSS test for the OCP Control Panel USSD Gateway session Injects a simple XSS payload into the flt_sessid parameter and flags the target if the payload is reflected unescaped in the HTML response. tags: [xss, reflected, ocpnanel, ussdgw] requests: - id: reflected_xss method: GET path: - "{{BaseURL}}/occontrolpanel/index.php?w=ocussd&m=sessions&a=list_sessions&fl [[URL] &lc