What is CVE-2025-70844?

The Yaffa v2.0.0 application is vulnerable to Cross Site Scripting (XSS), allowing attackers to execute arbitrary scripts in user contexts. Immediate patching is advised.

What is the severity of CVE-2025-70844?

CVE-2025-70844 has a severity rating of MEDIUM with a CVSS base score of 6.1.

CVE-2025-70844 | Medium Vulnerability in Kantorge Yaffa

The Yaffa v2.0.0 application is vulnerable to Cross Site Scripting (XSS). This vulnerability allows attackers to inject malicious JavaScript into the "Add Account Group" function on the account-group page, enabling execution of arbitrary scripts in the context of users who view the affected page. The severity level of this vulnerability is classified as medium, with a CVSS score of 6.1, indicating that while it poses a risk, it is not the most critical threat.

Risk to organizations includes potential unauthorized access to sensitive information and manipulation of user interactions on the affected page. The exploit can be executed remotely, requiring only user interaction, which increases the likelihood of successful exploitation.

Organizations should prioritize patching immediately. Given the nature of XSS vulnerabilities, a successful attack could lead to significant data breaches, making it imperative to address this risk promptly.

As of now, there are no known exploits or public proofs of concept for this vulnerability, but the potential for exploitation remains due to the application's functionality that allows for script injection.

Vulnerability Details

According to the official CVE description, the vulnerability in Yaffa allows for Cross Site Scripting (XSS), specifically through the "Add Account Group" function. The CVSS score of 6.1 categorizes it as medium severity, highlighting the necessity for organizations to take timely action.

The vulnerability is associated with CWE-94, which pertains to code injection. The affected product is Yaffa, version 2.0.0, from the vendor Kantorge. The vulnerability was published on April 7, 2026.

Technical Analysis

The root cause of this vulnerability is improper input validation, which allows attackers to insert malicious JavaScript code into the application. The attack vector is network-based, requiring user interaction to execute the injected script. The attack complexity is low, and no privileges are required for an attacker to exploit this vulnerability.

User interaction is required for successful exploitation, as users must visit the affected page where the malicious script is embedded. The confidentiality and integrity impacts are classified as low, meaning there is a risk of unauthorized data exposure and modification, while availability is not impacted.

Risk & Impact Analysis

The deployment of Yaffa v2.0.0 exposes organizations to significant risks, including potential data theft and unauthorized access to user accounts. The nature of XSS attacks means that the blast radius can be extensive, affecting all users who interact with the compromised page.

Given the medium CVSS score and the absence of any known exploitation details, organizations should assess their usage of Yaffa and prioritize remediation efforts within their patching cycles to mitigate risks associated with this vulnerability.

Exploitation Status

Signal	Status
Known Exploit	No
Public PoC	No
Actively Exploited	No
Ransomware Use	No

Affected Versions

The affected version is Yaffa v2.0.0. Organizations should consider applying patches or updates as they become available to mitigate this vulnerability.

Mitigation & Remediation

Organizations should address this vulnerability by applying the necessary patches as soon as they are released. In the meantime, they can consider implementing input validation mechanisms or content security policies to help mitigate the risk of XSS attacks. For further assistance, organizations can engage in penetration testing to evaluate their security posture.

Detection Guidance

To detect potential exploitation of this vulnerability, organizations should monitor logs for unusual script executions and user interactions on the account-group page. Behavioral anomalies and network signatures indicative of XSS attacks should also be observed.

AppSecure Threat Intelligence Insight

This vulnerability underscores the importance of proper input validation in web applications. Security teams should be aware of similar patterns in their applications and continuously assess their security measures. Engaging in vulnerability management programs can help identify and remediate such vulnerabilities proactively. Additionally, organizations should consider penetration testing methodologies to strengthen their defenses against future threats.

Organizations should also be vigilant about the evolving nature of web application threats and ensure their security measures are adaptive and thorough.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

CVE ID	Title	Severity	Vulnerability Type	Published
CVE-2025-65418	CVE-2025-65418: High Vulnerability in docuFORM Managed Print Service Client	HIGH	Path Traversal	May 11, 2026
CVE-2025-65417	CVE-2025-65417: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	XSS	May 11, 2026
CVE-2025-65416	CVE-2025-65416: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Unrestricted File Upload	May 11, 2026
CVE-2025-65415	CVE-2025-65415: Medium Vulnerability in docuFORM Managed Print Service Client	MEDIUM	Session Fixation	May 11, 2026
CVE-2025-61314	CVE-2025-61314: High Vulnerability in GmbH Mecury Managed Print Services	HIGH	XSS	May 11, 2026

CVE-2025-70844: Medium Vulnerability in Kantorge Yaffa