Yandex: Security Vulnerabilities
XSS in Yandex Browser Translator in Yandex browser for desktop for versions from 15.12 to 16.2 could be used by remote attacker for evaluation arbitrary javascript code.
CVSS Score
6.1
EPSS Score
0.002
Published
2016-10-26
XSS in Yandex Browser BookReader in Yandex browser for desktop for versions before 16.6. could be used by remote attacker for evaluation arbitrary javascript code.
CVSS Score
6.1
EPSS Score
0.002
Published
2016-10-26
CSRF of synchronization form in Yandex Browser for desktop before version 16.6 could be used by remote attacker to steal saved data in browser profile.
CVSS Score
4.3
EPSS Score
0.001
Published
2016-10-26
Yandex Protect Anti-phishing warning in Yandex Browser for desktop from version 16.7 to 16.9 could be used by remote attacker for brute-forcing passwords from important web-resource with special JavaScript.
CVSS Score
7.3
EPSS Score
0.002
Published
2016-10-26
Yandex Protect Anti-phishing warning in Yandex Browser for desktop from version 15.12.0 to 16.2 could be used by remote attacker for brute-forcing passwords from important web-resource with special JavaScript.
CVSS Score
7.3
EPSS Score
0.002
Published
2016-10-26
Security WiFi bypass in Yandex Browser from version 15.10 to 15.12 allows remote attacker to sniff traffic in open or WEP-protected wi-fi networks despite of special security mechanism is enabled.
CVSS Score
5.3
EPSS Score
0.001
Published
2016-10-26
Cross-site scripting (XSS) vulnerability in search/ in Yandex.Server 2010 9.0 Enterprise allows remote attackers to inject arbitrary web script or HTML via the text parameter.
CVSS Score
4.3
EPSS Score
0.027
Published
2012-05-27
Multiple cross-site scripting (XSS) vulnerabilities in Yandex.Server allow remote attackers to inject arbitrary web script or HTML via the (1) query or (2) within parameter to the default URI.
CVSS Score
4.3
EPSS Score
0.003
Published
2007-06-28
Page 3