CVE-2021-2525421.05.2025, 07:15Yandex Browser Lite for Android before 21.1.0 allows remote attackers to spoof the address bar.EnginsightProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVectorNISTNIST5.3 MEDIUMNETWORKLOWNONECVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NyandexCNA------CISA-ADPADP------Base ScoreCVSS 3.xEPSS ScorePercentile: 15%Common Weakness EnumerationCWE-116 - Improper Encoding or Escaping of OutputThe software prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.Referenceshttps://yandex.com/bugbounty/i/hall-of-fame-browser/