CVE-2025-70844

UNKNOWN NVD

CVSS Score 0

Severity UNKNOWN

Published Apr 07, 2026

Vendor unknown

Description

yaffa v2.0.0 is vulnerable to Cross Site Scripting (XSS). An attacker can inject malicious JavaScript into the "Add Account Group" function on the account-group page, allowing execution of arbitrary script in the context of users who view the affected page.

References

https://github.com/J4cky1028/vulnerability-research/tree/main/CVE-2025-70844
https://github.com/kantorge/yaffa