Security Advisory

CVE-2025-70844

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-04-07 00:00:00

Last updated 2026-04-09 13:59:20

Assigner mitre

State PUBLISHED

Description

yaffa v2.0.0 is vulnerable to Cross Site Scripting (XSS). An attacker can inject malicious JavaScript into the "Add Account Group" function on the account-group page, allowing execution of arbitrary script in the context of users who view the affected page.

← Browse all CVEs View on cve.org ↗