CVE-2025-70844

Published: Apr 7, 2026

Modified: Apr 9, 2026

PUBLISHED

Description

yaffa v2.0.0 is vulnerable to Cross Site Scripting (XSS). An attacker can inject malicious JavaScript into the "Add Account Group" function on the account-group page, allowing execution of arbitrary script in the context of users who view the affected page.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/kantorge/yaffa

https://github.com/J4cky1028/vulnerability-research/tree/main/CVE-2025-70844

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-70844

Description

Affected Products

References