[MEDIUM] yaffa vulnerable to Cross Site Scripting

PKSA-bprf-j9w1-t7bq CVE-2025-70844 GHSA-pq95-94c9-j987

Affected package: kantorge/yaffa

Affected version: <=2.0.0

Reported by:
GitHub