CVE-2016-8504
https://notcve.org/view.php?id=CVE-2016-8504
CSRF of the synchronization form in Yandex Browser for desktop before version 16.6 could be used by a remote attacker to steal saved data in the browser profile. • http://www.securityfocus.com/bid/93924 https://browser.yandex.com/security/changelogs • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2013-0319
https://notcve.org/view.php?id=CVE-2013-0319
Cross-site scripting (XSS) vulnerability in the Yandex.Metrics module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via vectors related to the Yandex.Metrica service data. • http://drupal.org/node/1921340 http://drupal.org/node/1921342 http://drupal.org/node/1922400 http://drupalcode.org/project/yandex_metrics.git/commitdiff/290b718 http://drupalcode.org/project/yandex_metrics.git/commitdiff/80bb901 http://www.openwall.com/lists/oss-security/2013/02/21/5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2012-2941 – Yandex.Server 2010 9.0 - 'text' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2012-2941
Cross-site scripting (XSS) vulnerability in search/ in Yandex.Server 2010 9.0 Enterprise allows remote attackers to inject arbitrary web script or HTML via the text parameter. • https://www.exploit-db.com/exploits/37224 http://packetstormsecurity.org/files/112945/Yandex.Server-2010-9.0-Enterprise-Cross-Site-Scripting.html http://www.securityfocus.com/bid/53622 https://exchange.xforce.ibmcloud.com/vulnerabilities/75788 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2007-3485
https://notcve.org/view.php?id=CVE-2007-3485
Multiple cross-site scripting (XSS) vulnerabilities in Yandex.Server allow remote attackers to inject arbitrary web script or HTML via the (1) query or (2) within parameter to the default URI. • http://osvdb.org/37520 http://websecurity.com.ua/1018 http://websecurity.com.ua/670