Vulnerability Description
XSS in Yandex Browser BookReader in Yandex browser for desktop for versions before 16.6. could be used by remote attacker for evaluation arbitrary javascript code.
CVSS Score
6.1
MEDIUM
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Yandex | Yandex.Browser | <= 16.4.0.94.4 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/93925Third Party AdvisoryVDB Entry
- https://browser.yandex.com/security/changelogs/Release NotesVendor Advisory
- http://www.securityfocus.com/bid/93925Third Party AdvisoryVDB Entry
- https://browser.yandex.com/security/changelogs/Release NotesVendor Advisory
FAQ
What is CVE-2016-8505?
CVE-2016-8505 is a vulnerability with a CVSS score of 6.1 (MEDIUM). XSS in Yandex Browser BookReader in Yandex browser for desktop for versions before 16.6. could be used by remote attacker for evaluation arbitrary javascript code.
How severe is CVE-2016-8505?
CVE-2016-8505 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-8505?
Check the references section above for vendor advisories and patch information. Affected products include: Yandex Yandex.Browser.