13 matches found

RedhatCVE
added 2025/12/16 12:25 a.m., 2 views

CVE-2025-66437

An SSTI (Server-Side Template Injection) vulnerability exists in the get_address_display method of Frappe ERPNext through 15.89.0. This function renders address templates using frappe.render_template with a context derived from the address_dict parameter, which can be either a dictionary or a string...

CVSS 8.8, AI score 7.3, EPSS 0.00122
Exploits: 1, References: 1
EUVD
added 2025/12/15 6:30 p.m., 2 views

EUVD-2025-203389

An SSTI (Server-Side Template Injection) vulnerability exists in the get_address_display method of Frappe ERPNext through 15.89.0. This function renders address templates using frappe.render_template with a context derived from the address_dict parameter, which can be either a dictionary or a string...

AI score 6.7, EPSS 0.00122
Exploits: 1, References: 3
OSV
added 2025/12/15 6:15 p.m., 1 views

CVE-2025-66437

An SSTI (Server-Side Template Injection) vulnerability exists in the get_address_display method of Frappe ERPNext through 15.89.0. This function renders address templates using frappe.render_template with a context derived from the address_dict parameter, which can be either a dictionary or a string...

CVSS 8.8, AI score 7.2
Exploits: 0, References: 2
Positive Technologies
added 2025/12/15 12:00 a.m., 3 views

PT-2025-51258

Name of the Vulnerable Software and Affected Versions: Frappe ERPNext versions through 15.89.0. Description: A Server-Side Template Injection (SSTI) issue exists in the get_address_display method. This function uses frappe.render_template with a context from the address_dict parameter, which can be a...

CVSS 8.8, AI score 7.2, EPSS 0.00122
Exploits: 1, References: 7
CNNVD
added 2025/12/15 12:00 a.m., 4 views

ERPNext Security Vulnerability

ERPNext is an open source enterprise resource planning solution from ERPNext India. A security vulnerability exists in ERPNext 15.89.0 and earlier versions, which stems from the presence of server-side template injection in the get_address_display method, which could lead to server-side code...

CVSS 8.8, AI score 7.5, EPSS 0.00122
Exploits: 1, References: 3
Packet Storm
added 2025/01/30 12:00 a.m., 375 views

Google Rejection Page Text Injection

Google's unusual traffic activity page appears to allow for text injection but cross site scripting is mitigated. The page https://www.google.com/sorry/index is familiar to Tor and VPN users. It is the one that says "Our systems have detected unusual traffic from your computer network. Please try...

AI score 7
Exploits: 0
RedHat Linux
added 2024/02/26 2:21 a.m., 1 views

Mozilla: Alert dialog could have been spoofed on another site

The Mozilla Foundation Security Advisory describes this flaw as: Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website with the victim website's URL shown...

CVSS 6.5, AI score 7.3, EPSS 0.0073
Exploits: 0, References: 6
SUSE CVE
added 2023/02/15 4:27 a.m., 1 views

SUSE CVE-2018-10932

lldptool version 1.0.1 and older can print a raw, unsanitized attacker controlled buffer when mngAddr information is displayed. This may allow an attacker to inject shell control characters into the buffer and impact the behavior of the terminal...

CVSS 4.3, AI score 7, EPSS 0.00074
Exploits: 0, References: 4
Tenable Nessus
added 2022/06/08 12:00 a.m., 68 views

Debian DSA-5158-1 : thunderbird - security update

The remote Debian 10 / 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5158 advisory. Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code. For the oldstable...

CVSS 9.8, AI score 8.6, EPSS 0.67932
Exploits: 0, References: 24
OSV
added 2021/12/16 11:15 a.m., 0 views

CVE-2021-40835

A URL address bar spoofing vulnerability was discovered in Safe Browser for iOS. When a user clicks on a specially crafted malicious URL, if the user does not pay careful attention to the URL, the user may be tricked into thinking content is coming from a valid domain, while it comes from another. This is...

CVSS 4.3, AI score 5.8
Exploits: 0, References: 2
Debian CVE
added 2018/06/11 9:00 p.m., 21 views

CVE-2017-7829

It is possible to spoof the sender's email address and display an arbitrary sender address to the email recipient. The real sender's address is not displayed if preceded by a null character in the display string. This vulnerability affects Thunderbird 52.5.2...

CVSS 5.3, AI score 6.9, EPSS 0.01597
Exploits: 1
OSV
added 2018/04/16 2:29 p.m., 2 views

CVE-2018-0560

Hatena Bookmark App for iOS Version 3.0 to 3.70 allows remote attackers to spoof the address bar via vectors related to URL display...

CVSS 6.5, AI score 5.8
Exploits: 0, References: 2
CNVD
added 2018/01/10 12:00 a.m., 2 views

Microsoft Office for MAC Spoofing Vulnerability

Microsoft Office 2016 for Mac is a Mac-based office software suite product developed by Microsoft Corporation USA. A spoofing vulnerability exists in Microsoft Office 2016 for Mac-based platforms that stems from the program's failure to properly handle the encryption and display of email addresse...

CVSS 6.5, AI score 6.7, EPSS 0.10051
Exploits: 0, References: 1