CVE-2016-8505

MEDIUM

Yandex Browser BookReader <16.6 - XSS

Title source: llm

Description

XSS in Yandex Browser BookReader in Yandex browser for desktop for versions before 16.6. could be used by remote attacker for evaluation arbitrary javascript code.

References (2)

Scores

CVSS v3 6.1
EPSS 0.0023
EPSS Percentile 45.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Classification

CWE
CWE-79
Status published

Affected Products (2)

yandex/yandex.browser < 16.4.0.94.4
Yandex N.V./Yandex Browser for desktop < before 16.6 for OSx and Windows

Timeline

Published Oct 26, 2016
Tracked Since Feb 18, 2026