kantorge/yaffa

Releases69

Frequency1 week 6 days

Last Release 5 days ago

Stars103

Yaffa is a personal finance web application, focusing on the support of long term financial planning.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-70844 ↗	Apr 7, 2026Tuesday, 7 April 2026, 17:16	6.1 MEDIUM	—
yaffa v2.0.0 is vulnerable to Cross Site Scripting (XSS). An attacker can inject malicious JavaScript into the "Add Account Group" function on the account-group page, allowing execution of arbitrary script in the context of users who view the affected page.