Lucene search
+L

79 matches found

RedhatCVE
RedhatCVE
added 2025/12/16 12:25 a.m.6 views

CVE-2025-66434

An SSTI Server-Side Template Injection vulnerability exists in the getdunninglettertext method of Frappe ERPNext through 15.89.0. The function renders attacker-controlled Jinja2 templates bodytext using frappe.rendertemplate with a user-supplied context doc. Although Frappe uses a custom...

8.8CVSS7.5AI score0.00516EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/12/16 12:25 a.m.5 views

CVE-2025-66436

An SSTI Server-Side Template Injection vulnerability exists in the gettermsandconditions method of Frappe ERPNext through 15.89.0. The function renders attacker-controlled Jinja2 templates terms using frappe.rendertemplate with a user-supplied context doc. Although Frappe uses a custom...

4.3CVSS7.5AI score0.00294EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/12/16 12:25 a.m.5 views

CVE-2025-66438

A Server-Side Template Injection SSTI vulnerability exists in the Frappe ERPNext through 15.89.0 Print Format rendering mechanism. Specifically, the API frappe.www.printview.gethtmlandstyle triggers the rendering of the html field inside a Print Format document using frappe.rendertemplatetemplate...

9.8CVSS6.5AI score0.00437EPSS
Exploits1References1
EUVD
EUVD
added 2025/12/15 6:30 p.m.5 views

EUVD-2025-203391

An issue was discovered in Frappe ERPNext through 15.89.0. Function getoutstandingreferencedocuments at erpnext/accounts/doctype/paymententry/paymententry.py is vulnerable to SQL Injection. It allows an attacker to extract arbitrary data from the database by injecting SQL payloads via the...

7.1AI score0.00331EPSS
Exploits1References3
EUVD
EUVD
added 2025/12/15 6:30 p.m.5 views

EUVD-2025-203397

An SSTI Server-Side Template Injection vulnerability exists in the getdunninglettertext method of Frappe ERPNext through 15.89.0. The function renders attacker-controlled Jinja2 templates bodytext using frappe.rendertemplate with a user-supplied context doc. Although Frappe uses a custom...

7AI score0.00516EPSS
Exploits1References3
EUVD
EUVD
added 2025/12/15 6:30 p.m.6 views

EUVD-2025-203390

An SSTI Server-Side Template Injection vulnerability exists in the gettermsandconditions method of Frappe ERPNext through 15.89.0. The function renders attacker-controlled Jinja2 templates terms using frappe.rendertemplate with a user-supplied context doc. Although Frappe uses a custom...

7AI score0.00294EPSS
Exploits1References3
EUVD
EUVD
added 2025/12/15 6:30 p.m.4 views

EUVD-2025-203392

An issue was discovered in Frappe ERPNext through 15.89.0. Function getoutstandingreferencedocuments at erpnext.accounts.doctype.paymententry.paymententry.py is vulnerable to SQL Injection. It allows an attacker to extract arbitrary data from the database by injecting SQL payloads via the...

7.1AI score0.00331EPSS
Exploits1References3
EUVD
EUVD
added 2025/12/15 6:30 p.m.6 views

EUVD-2025-203396

An SSTI Server-Side Template Injection vulnerability exists in the getcontracttemplate method of Frappe ERPNext through 15.89.0. The function renders attacker-controlled Jinja2 templates contractterms using frappe.rendertemplate with a user-supplied context doc. Although Frappe uses a custom...

7AI score0.00294EPSS
Exploits1References3
NVD
NVD
added 2025/12/15 6:15 p.m.7 views

CVE-2025-66440

An issue was discovered in Frappe ERPNext through 15.89.0. Function getoutstandingreferencedocuments at erpnext/accounts/doctype/paymententry/paymententry.py is vulnerable to SQL Injection. It allows an attacker to extract arbitrary data from the database by injecting SQL payloads via the...

9.8CVSS0.00331EPSS
Exploits1References2
NVD
NVD
added 2025/12/15 6:15 p.m.5 views

CVE-2025-66436

An SSTI Server-Side Template Injection vulnerability exists in the gettermsandconditions method of Frappe ERPNext through 15.89.0. The function renders attacker-controlled Jinja2 templates terms using frappe.rendertemplate with a user-supplied context doc. Although Frappe uses a custom...

4.3CVSS0.00294EPSS
Exploits1References2
NVD
NVD
added 2025/12/15 5:15 p.m.8 views

CVE-2025-66435

An SSTI Server-Side Template Injection vulnerability exists in the getcontracttemplate method of Frappe ERPNext through 15.89.0. The function renders attacker-controlled Jinja2 templates contractterms using frappe.rendertemplate with a user-supplied context doc. Although Frappe uses a custom...

4.3CVSS0.00294EPSS
Exploits1References2
NVD
NVD
added 2025/12/15 5:15 p.m.10 views

CVE-2025-66434

An SSTI Server-Side Template Injection vulnerability exists in the getdunninglettertext method of Frappe ERPNext through 15.89.0. The function renders attacker-controlled Jinja2 templates bodytext using frappe.rendertemplate with a user-supplied context doc. Although Frappe uses a custom...

8.8CVSS0.00516EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/12/15 12:0 a.m.4 views

CVE-2025-66440

An issue was discovered in Frappe ERPNext through 15.89.0. Function getoutstandingreferencedocuments at erpnext/accounts/doctype/paymententry/paymententry.py is vulnerable to SQL Injection. It allows an attacker to extract arbitrary data from the database by injecting SQL payloads via the...

7.3AI score0.00331EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/12/15 12:0 a.m.3 views

CVE-2025-66437

An SSTI Server-Side Template Injection vulnerability exists in the getaddressdisplay method of Frappe ERPNext through 15.89.0. This function renders address templates using frappe.rendertemplate with a context derived from the addressdict parameter, which can be either a dictionary or a string...

6.8AI score0.00525EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/12/15 12:0 a.m.2 views

CVE-2025-66439

An issue was discovered in Frappe ERPNext through 15.89.0. Function getoutstandingreferencedocuments at erpnext.accounts.doctype.paymententry.paymententry.py is vulnerable to SQL Injection. It allows an attacker to extract arbitrary data from the database by injecting SQL payloads via the...

7.3AI score0.00331EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/12/15 12:0 a.m.3 views

CVE-2025-66434

An SSTI Server-Side Template Injection vulnerability exists in the getdunninglettertext method of Frappe ERPNext through 15.89.0. The function renders attacker-controlled Jinja2 templates bodytext using frappe.rendertemplate with a user-supplied context doc. Although Frappe uses a custom...

7.1AI score0.00516EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/12/15 12:0 a.m.4 views

CVE-2025-66436

An SSTI Server-Side Template Injection vulnerability exists in the gettermsandconditions method of Frappe ERPNext through 15.89.0. The function renders attacker-controlled Jinja2 templates terms using frappe.rendertemplate with a user-supplied context doc. Although Frappe uses a custom...

7.1AI score0.00294EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2025/12/15 12:0 a.m.9 views

PT-2025-51257

Name of the Vulnerable Software and Affected Versions Frappe ERPNext versions through 15.89.0 Description An SSTI Server-Side Template Injection vulnerability exists in the get terms and conditions method. The function renders attacker-controlled Jinja2 templates terms using frappe.render templat...

8.1CVSS7AI score0.00294EPSS
Exploits1References7
Cvelist
Cvelist
added 2025/12/15 12:0 a.m.31 views

CVE-2025-66435

An SSTI Server-Side Template Injection vulnerability exists in the getcontracttemplate method of Frappe ERPNext through 15.89.0. The function renders attacker-controlled Jinja2 templates contractterms using frappe.rendertemplate with a user-supplied context doc. Although Frappe uses a custom...

0.00294EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/12/15 12:0 a.m.27 views

CVE-2025-66436

An SSTI Server-Side Template Injection vulnerability exists in the gettermsandconditions method of Frappe ERPNext through 15.89.0. The function renders attacker-controlled Jinja2 templates terms using frappe.rendertemplate with a user-supplied context doc. Although Frappe uses a custom...

0.00294EPSS
Exploits1References2
Rows per page
Query Builder