Cross-Site Scripting in Yandex Browser for Desktop Versions 15.12 to 16.2
CVE-2016-8506

6.1MEDIUM

Key Information:

Vendor: Yandex N.v.
Status: Yandex Browser For Desktop
Vendor: CVE Published:; 26 October 2016

🔔 Create Yandex N.v. Vulnerability Alert

What is CVE-2016-8506?

A Cross-Site Scripting (XSS) vulnerability exists in the Yandex Browser within its Translator feature, affecting versions 15.12 to 16.2. This flaw permits a remote attacker to execute arbitrary JavaScript code, potentially compromising user data and browser security. Users are advised to update their browsers to mitigate associated risks.

Affected Version(s)

Yandex Browser for desktop 15.12 to 16.2 for OSx and Linux

References

https://browser.yandex.com/security/changelogs/

x_refsource_CONFIRM

http://www.securityfocus.com/bid/93927

vdb-entryx_refsource_BID

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 26, 2016
Vulnerability Reserved
Oct 7, 2016

JSON