Main Vulnerability Database Vulnerabilities #VU40069

Cross-site scripting in Yandex Browser - CVE-2016-8506

Published: October 26, 2016 / Updated: August 9, 2020

Vulnerability identifier: #VU40069

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear

CVE-ID: CVE-2016-8506

CWE-ID: CWE-79

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Yandex N. V.

Affected software:
Yandex Browser

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

XSS in Yandex Browser Translator in Yandex browser for desktop for versions from 15.12 to 16.2 could be used by remote attacker for evaluation arbitrary javascript code.

How to mitigate CVE-2016-8506

Install update from vendor's website.

Sources

http://www.securityfocus.com/bid/93927
https://browser.yandex.com/security/changelogs/

Cross-site scripting in Yandex Browser - CVE-2016-8506

Detailed vulnerability description

How to mitigate CVE-2016-8506

Sources

Please verify you're human