CVE-2016-8506

MEDIUM

Yandex Browser Translator <16.2 - XSS

Title source: llm

Description

XSS in Yandex Browser Translator in Yandex browser for desktop for versions from 15.12 to 16.2 could be used by remote attacker for evaluation arbitrary javascript code.

References (2)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/93927

[Release Notes, Vendor Advisory] https://browser.yandex.com/security/changelogs/

Scores

CVSS v3 6.1

EPSS 0.0023

EPSS Percentile 45.4%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Classification

CWE

CWE-79

Status published

Affected Products (7)

yandex/yandex_browser

Yandex N.V./Yandex Browser for desktop < 15.12 to 16.2 for OSx and Linux

Timeline

Published Oct 26, 2016

Tracked Since Feb 18, 2026