CVE-2025-70844

yaffa v2.0.0 is vulnerable to Cross Site Scripting XSS. An attacker can inject malicious JavaScript into the "Add Account Group" function on the account-group page, allowing execution of arbitrary script in the context of users who view the affected page...

GHSA-PQ95-94C9-J987 yaffa vulnerable to Cross Site Scripting

yaffa v2.0.0 is vulnerable to Cross Site Scripting XSS. An attacker can inject malicious JavaScript into the "Add Account Group" function on the account-group page, allowing execution of arbitrary script in the context of users who view the affected page...

yaffa vulnerable to Cross Site Scripting

yaffa v2.0.0 is vulnerable to Cross Site Scripting XSS. An attacker can inject malicious JavaScript into the "Add Account Group" function on the account-group page, allowing execution of arbitrary script in the context of users who view the affected page...

EUVD-2025-209275

yaffa v2.0.0 is vulnerable to Cross Site Scripting XSS. An attacker can inject malicious JavaScript into the "Add Account Group" function on the account-group page, allowing execution of arbitrary script in the context of users who view the affected page...

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the Add Account Group process on the account-group page. An attacker can execute arbitrary JavaScript in the context of users who view the affected page by injecting malicious scripts. Details Cross-site...

CVE-2025-70844

yaffa v2.0.0 is vulnerable to Cross Site Scripting XSS. An attacker can inject malicious JavaScript into the "Add Account Group" function on the account-group page, allowing execution of arbitrary script in the context of users who view the affected page...

CVE-2025-70844

CVE-2025-70844 : yaffa v2.0.0 is vulnerable to a Cross-Site Scripting (XSS) flaw in the dd Account Groupunction on the account-group page. An attacker can inject malicious JavaScript, which executes in the context of users viewing the affected page. The description does not provide affected ver...

CVE-2025-70844

yaffa v2.0.0 is vulnerable to Cross Site Scripting XSS. An attacker can inject malicious JavaScript into the "Add Account Group" function on the account-group page, allowing execution of arbitrary script in the context of users who view the affected page...

PT-2026-30902

yaffa v2.0.0 is vulnerable to Cross Site Scripting XSS. An attacker can inject malicious JavaScript into the "Add Account Group" function on the account-group page, allowing execution of arbitrary script in the context of users who view the affected page...

Yet Another Free Financial Application 安全漏洞

Yet Another Free Financial Application is a self-hosted web application for personal financial management and planning developed by Kantorgge’s individual developers. Version 2.0.0 of Yet Another Free Financial Application contains a security vulnerability. This vulnerability stems from the “Add...