Home

Description

Yandex Browser Lite for Android before 21.1.0 allows remote attackers to spoof the address bar.

PUBLISHED Reserved 2021-01-15 | Published 2025-05-21 | Updated 2025-05-21 | Assigner yandex




HIGH: 8.2CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N

Problem types

CWE-116 Improper Encoding or Escaping of Output

Product status

Default status
unaffected

21.1.0 (custom)
affected

Credits

Kirtikumar Anandrao Ramchandani finder

References

yandex.com/bugbounty/i/hall-of-fame-browser/

cve.org (CVE-2021-25254)

nvd.nist.gov (CVE-2021-25254)

Download JSON