yaffa v2.0.0 is vulnerable to Cross Site Scripting (XSS). An attacker can inject malicious JavaScript into the "Add Account Group" function on the account-group page, allowing execution of arbitrary script in the context of users who view the affected page.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/70xxx/CVE-2025-70844.json",
"cna_assigner": "mitre"
}