Main Vulnerability Database Vulnerabilities #VU40069

#VU40069 Cross-site scripting in Yandex Browser - CVE-2016-8506

Published: October 26, 2016 / Updated: August 9, 2020

Vulnerability identifier: #VU40069

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear

CVE-ID: CVE-2016-8506

CWE-ID: CWE-79

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Yandex Browser

Software vendor:
Yandex N. V.

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

XSS in Yandex Browser Translator in Yandex browser for desktop for versions from 15.12 to 16.2 could be used by remote attacker for evaluation arbitrary javascript code.

Remediation

Install update from vendor's website.

External links

http://www.securityfocus.com/bid/93927
https://browser.yandex.com/security/changelogs/