Cross-Site Scripting Vulnerability in Yandex Browser's BookReader
CVE-2016-8505

6.1MEDIUM

Key Information:

Vendor: Yandex N.v.
Status: Yandex Browser For Desktop
Vendor: CVE Published:; 26 October 2016

🔔 Create Yandex N.v. Vulnerability Alert

What is CVE-2016-8505?

This vulnerability in Yandex Browser's BookReader allows remote attackers to execute arbitrary JavaScript code. Versions prior to 16.6 are at risk, making it essential for users to update their browser to enhance security against potential exploitation.

Affected Version(s)

Yandex Browser for desktop before 16.6 for OSx and Windows

References

http://www.securityfocus.com/bid/93925

vdb-entryx_refsource_BID

https://browser.yandex.com/security/changelogs/

x_refsource_CONFIRM

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 26, 2016
Vulnerability Reserved
Oct 7, 2016

JSON