CVE-2025-70844

Published
View on NVD ↗
CVSS v3
6.1
MEDIUM
CVSS v2
N/A
Affected
2
PROJECTS

Description

yaffa v2.0.0 is vulnerable to Cross Site Scripting (XSS). An attacker can inject malicious JavaScript into the "Add Account Group" function on the account-group page, allowing execution of arbitrary script in the context of users who view the affected page.

J4cky1028/vulnerability-research
J4cky1028/vulnerability-research
This repository contains information on the CVEs I found.
GitHubGitHub
kantorge/yaffa
kantorge/yaffa
Yaffa is a personal finance web application, focusing on the support of long term financial planning.
GitHubGitHub
97