Cross-Site Scripting in Yandex Browser for Desktop Versions 15.12 to 16.2
CVE-2016-8506

6.1MEDIUM

Key Information:

Vendor: Yandex N.v.
Status: Yandex Browser For Desktop
Vendor: CVE Published:; 26 October 2016

🔔 Create Yandex N.v. Vulnerability Alert

What is CVE-2016-8506?

A Cross-Site Scripting (XSS) vulnerability exists in the Yandex Browser within its Translator feature, affecting versions 15.12 to 16.2. This flaw permits a remote attacker to execute arbitrary JavaScript code, potentially compromising user data and browser security. Users are advised to update their browsers to mitigate associated risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Yandex Browser for desktop 15.12 to 16.2 for OSx and Linux

References

https://browser.yandex.com/security/changelogs/

x_refsource_CONFIRM

http://www.securityfocus.com/bid/93927

vdb-entryx_refsource_BID

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 26, 2016
Vulnerability Reserved
Oct 7, 2016

JSON

Yandex N.v.