XSS in Yandex Browser BookReader in Yandex browser for desktop for versions before 16.6. could be used by remote attacker for evaluation arbitrary javascript code.
[
{
"product": "Yandex Browser for desktop",
"vendor": "Yandex N.V.",
"versions": [
{
"status": "affected",
"version": "before 16.6 for OSx and Windows"
}
]
}
]