VYPR

Packagist (Composer) package

kantorge/yaffa

pkg:composer/kantorge/yaffa

Vulnerabilities (1)

  • CVE-2025-70844MedApr 7, 2026
    affected <= 2.0.0

    yaffa v2.0.0 is vulnerable to Cross Site Scripting (XSS). An attacker can inject malicious JavaScript into the "Add Account Group" function on the account-group page, allowing execution of arbitrary script in the context of users who view the affected page.