Lucene search
4 matches found

EUVD
added 2025/12/15 6:30 p.m., 1 view

EUVD-2025-203389

An SSTI (Server-Side Template Injection) vulnerability exists in the get_address_display method of Frappe ERPNext through 15.89.0. This function renders address templates using frappe.render_template with a context derived from the address_dict parameter, which can be either a dictionary or a string...

AI score: 6.7, EPSS: 0.00122
Exploits: 1, References: 3
OSV
added 2025/12/15 6:15 p.m., 1 view

CVE-2025-66437

An SSTI (Server-Side Template Injection) vulnerability exists in the get_address_display method of Frappe ERPNext through 15.89.0. This function renders address templates using frappe.render_template with a context derived from the address_dict parameter, which can be either a dictionary or a string...

CVSS: 8.8, AI score: 7.2
Exploits: 0, References: 2
Positive Technologies
added 2025/12/15 12:00 a.m., 3 views

PT-2025-51258

Name of the Vulnerable Software and Affected Versions: Frappe ERPNext versions through 15.89.0. Description: A Server-Side Template Injection (SSTI) issue exists in the get_address_display method. This function uses frappe.render_template with a context from the address_dict parameter, which can be a...

CVSS: 8.8, AI score: 7.2, EPSS: 0.00122
Exploits: 1, References: 7
CNNVD
added 2025/12/15 12:00 a.m., 2 views

ERPNext security vulnerability

ERPNext is an open source enterprise resource planning solution from ERPNext India. A security vulnerability exists in ERPNext 15.89.0 and earlier versions. It stems from server-side template injection in the get_address_display method, which could lead to server-side code...

CVSS: 8.8, AI score: 7.5, EPSS: 0.00122
Exploits: 1, References: 3