79 matches found
CVE-2025-66438
A Server-Side Template Injection SSTI vulnerability exists in the Frappe ERPNext through 15.89.0 Print Format rendering mechanism. Specifically, the API frappe.www.printview.gethtmlandstyle triggers the rendering of the html field inside a Print Format document using frappe.rendertemplatetemplate...
CVE-2025-66434
An SSTI Server-Side Template Injection vulnerability exists in the getdunninglettertext method of Frappe ERPNext through 15.89.0. The function renders attacker-controlled Jinja2 templates bodytext using frappe.rendertemplate with a user-supplied context doc. Although Frappe uses a custom...
CVE-2025-66436
An SSTI Server-Side Template Injection vulnerability exists in the gettermsandconditions method of Frappe ERPNext through 15.89.0. The function renders attacker-controlled Jinja2 templates terms using frappe.rendertemplate with a user-supplied context doc. Although Frappe uses a custom...
EUVD-2025-203396
An SSTI Server-Side Template Injection vulnerability exists in the getcontracttemplate method of Frappe ERPNext through 15.89.0. The function renders attacker-controlled Jinja2 templates contractterms using frappe.rendertemplate with a user-supplied context doc. Although Frappe uses a custom...
EUVD-2025-203390
An SSTI Server-Side Template Injection vulnerability exists in the gettermsandconditions method of Frappe ERPNext through 15.89.0. The function renders attacker-controlled Jinja2 templates terms using frappe.rendertemplate with a user-supplied context doc. Although Frappe uses a custom...
EUVD-2025-203392
An issue was discovered in Frappe ERPNext through 15.89.0. Function getoutstandingreferencedocuments at erpnext.accounts.doctype.paymententry.paymententry.py is vulnerable to SQL Injection. It allows an attacker to extract arbitrary data from the database by injecting SQL payloads via the...
EUVD-2025-203397
An SSTI Server-Side Template Injection vulnerability exists in the getdunninglettertext method of Frappe ERPNext through 15.89.0. The function renders attacker-controlled Jinja2 templates bodytext using frappe.rendertemplate with a user-supplied context doc. Although Frappe uses a custom...
EUVD-2025-203391
An issue was discovered in Frappe ERPNext through 15.89.0. Function getoutstandingreferencedocuments at erpnext/accounts/doctype/paymententry/paymententry.py is vulnerable to SQL Injection. It allows an attacker to extract arbitrary data from the database by injecting SQL payloads via the...
CVE-2025-66440
An issue was discovered in Frappe ERPNext through 15.89.0. Function getoutstandingreferencedocuments at erpnext/accounts/doctype/paymententry/paymententry.py is vulnerable to SQL Injection. It allows an attacker to extract arbitrary data from the database by injecting SQL payloads via the...
CVE-2025-66436
An SSTI Server-Side Template Injection vulnerability exists in the gettermsandconditions method of Frappe ERPNext through 15.89.0. The function renders attacker-controlled Jinja2 templates terms using frappe.rendertemplate with a user-supplied context doc. Although Frappe uses a custom...
CVE-2025-66437
An SSTI Server-Side Template Injection vulnerability exists in the getaddressdisplay method of Frappe ERPNext through 15.89.0. This function renders address templates using frappe.rendertemplate with a context derived from the addressdict parameter, which can be either a dictionary or a string...
CVE-2025-66440
An issue was discovered in Frappe ERPNext through 15.89.0. Function getoutstandingreferencedocuments at erpnext/accounts/doctype/paymententry/paymententry.py is vulnerable to SQL Injection. It allows an attacker to extract arbitrary data from the database by injecting SQL payloads via the...
CVE-2025-66436
An SSTI Server-Side Template Injection vulnerability exists in the gettermsandconditions method of Frappe ERPNext through 15.89.0. The function renders attacker-controlled Jinja2 templates terms using frappe.rendertemplate with a user-supplied context doc. Although Frappe uses a custom...
CVE-2025-66435
An SSTI Server-Side Template Injection vulnerability exists in the getcontracttemplate method of Frappe ERPNext through 15.89.0. The function renders attacker-controlled Jinja2 templates contractterms using frappe.rendertemplate with a user-supplied context doc. Although Frappe uses a custom...
CVE-2025-66434
An SSTI Server-Side Template Injection vulnerability exists in the getdunninglettertext method of Frappe ERPNext through 15.89.0. The function renders attacker-controlled Jinja2 templates bodytext using frappe.rendertemplate with a user-supplied context doc. Although Frappe uses a custom...
CVE-2025-66434
An SSTI Server-Side Template Injection vulnerability exists in the getdunninglettertext method of Frappe ERPNext through 15.89.0. The function renders attacker-controlled Jinja2 templates bodytext using frappe.rendertemplate with a user-supplied context doc. Although Frappe uses a custom...
CVE-2025-66435
An SSTI Server-Side Template Injection vulnerability exists in the getcontracttemplate method of Frappe ERPNext through 15.89.0. The function renders attacker-controlled Jinja2 templates contractterms using frappe.rendertemplate with a user-supplied context doc. Although Frappe uses a custom...
CVE-2025-66438
A Server-Side Template Injection SSTI vulnerability exists in the Frappe ERPNext through 15.89.0 Print Format rendering mechanism. Specifically, the API frappe.www.printview.gethtmlandstyle triggers the rendering of the html field inside a Print Format document using frappe.rendertemplatetemplate...
CVE-2025-66435
An SSTI Server-Side Template Injection vulnerability exists in the getcontracttemplate method of Frappe ERPNext through 15.89.0. The function renders attacker-controlled Jinja2 templates contractterms using frappe.rendertemplate with a user-supplied context doc. Although Frappe uses a custom...
PT-2025-51252
An SSTI Server-Side Template Injection vulnerability exists in the get dunning letter text method of Frappe ERPNext through 15.89.0. The function renders attacker-controlled Jinja2 templates body text using frappe.render template with a user-supplied context doc. Although Frappe uses a custom...