ERPNext.com Frappe Cloud Support Partners Foundation Frappe School

Security Leak in /update-gstin.html

The link for GST data update should be implemented with checksum

http://servername.com/regional/india/update-gstin.html?party=Generic+Party+Name

all the address details of party can be retrieved by unauthorized person, just by guessing name of the party

Hi @ItsRaichura
Thanks for reporting this. Please open an issue about this on github