PT-2026-30902 · Packagist+1 · Kantorge/Yaffa+1
Published
2026-04-07
·
Updated
2026-04-07
·
CVE-2025-70844
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
yaffa version 2.0.0
Description
Cross Site Scripting (XSS) allows an attacker to inject malicious JavaScript into the "Add Account Group" function on the account-group page. This enables the execution of arbitrary scripts in the context of users who view the affected page.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Code Injection
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Kantorge/Yaffa
Yaffa