CVE-2025-70844 | THREATINT

Description

yaffa v2.0.0 is vulnerable to Cross Site Scripting (XSS). An attacker can inject malicious JavaScript into the "Add Account Group" function on the account-group page, allowing execution of arbitrary script in the context of users who view the affected page.

PUBLISHED Reserved 2026-01-09 | Published 2026-04-07 | Updated 2026-04-09 | Assigner mitre

References

github.com/kantorge/yaffa

github.com/...ulnerability-research/tree/main/CVE-2025-70844

cve.org (CVE-2025-70844)

nvd.nist.gov (CVE-2025-70844)

Download JSON