CVE-2025-70844

UNKNOWN View on NVD ↗

Description

yaffa v2.0.0 is vulnerable to Cross Site Scripting (XSS). An attacker can inject malicious JavaScript into the "Add Account Group" function on the account-group page, allowing execution of arbitrary script in the context of users who view the affected page.

References

https://github.com/J4cky1028/vulnerability-research/tree/main/CVE-2025-70844
https://github.com/kantorge/yaffa

Published: Apr 07, 2026 17:16 UTC Modified: Apr 07, 2026 17:16 UTC