GHSA-PQ95-94C9-J987 yaffa vulnerable to Cross Site Scripting
yaffa v2.0.0 is vulnerable to Cross Site Scripting XSS. An attacker can inject malicious JavaScript into the "Add Account Group" function on the account-group page, allowing execution of arbitrary script in the context of users who view the affected page...