Published: 23/10/2011 Updated: 13/05/2012

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in the theme_adium_append_message function in empathy-theme-adium.c in the Adium theme in libempathy-gtk in Empathy 3.2.1 and previous versions allows remote malicious users to inject arbitrary web script or HTML via a crafted alias (aka nickname) in a /me event, a different vulnerability than CVE-2011-3635.

Vulnerable Product	Search on Vulmon	Subscribe to Product
gnome empathy 3.1.3
gnome empathy 3.1.4
gnome empathy 3.1.5
gnome empathy 3.1.5.1
gnome empathy 2.91.3.1
gnome empathy 2.91.4.1
gnome empathy 2.91.4.2
gnome empathy 2.91.4.3
gnome empathy 2.33.1
gnome empathy 2.33.2
gnome empathy 2.33.3
gnome empathy 2.32.0.1
gnome empathy 2.30.0.1
gnome empathy 2.30.0.2
gnome empathy 2.30.0
gnome empathy 2.30.1.1
gnome empathy 2.29.91.2
gnome empathy 2.29.91
gnome empathy 2.29.92
gnome empathy 2.29.93
gnome empathy 2.28.0.1
gnome empathy 2.27.92
gnome empathy 2.27.91.1
gnome empathy 2.26.0.1
gnome empathy 2.26.0
gnome empathy 2.23.92
gnome empathy 0.23.4
gnome empathy 0.23.1
gnome empathy 0.23.2
gnome empathy 0.13
gnome empathy 0.12
gnome empathy 0.11
gnome empathy 0.9
gnome empathy
gnome empathy 3.1.1
gnome empathy 3.1.2
gnome empathy 3.1.90.1
gnome empathy 3.1.91
gnome empathy 2.91.2
gnome empathy 2.91.4
gnome empathy 2.91.5
gnome empathy 2.91.6.1
gnome empathy 2.91.90.1
gnome empathy 2.91.92
gnome empathy 2.34.0
gnome empathy 2.32.1
gnome empathy 2.31.1
gnome empathy 2.31.90
gnome empathy 2.31.92
gnome empathy 2.30.1
gnome empathy 2.30.3
gnome empathy 2.29.6
gnome empathy 2.29.91.1
gnome empathy 2.28.1
gnome empathy 2.28.1.1
gnome empathy 2.27.3
gnome empathy 2.27.5
gnome empathy 2.26.2
gnome empathy 2.25.3
gnome empathy 2.23.6
gnome empathy 2.23.91
gnome empathy 0.23.3
gnome empathy 0.22.0
gnome empathy 0.21.5
gnome empathy 0.21.91
gnome empathy 0.2
gnome empathy 0.4
gnome empathy 3.0.0
gnome empathy 3.0.1
gnome empathy 3.0.2
gnome empathy 2.91.0
gnome empathy 2.91.90.2
gnome empathy 2.91.90
gnome empathy 2.91.91.1
gnome empathy 2.91.91
gnome empathy 2.31.2
gnome empathy 2.31.3
gnome empathy 2.31.4
gnome empathy 2.31.5.1
gnome empathy 2.31.5
gnome empathy 2.29.2
gnome empathy 2.29.3
gnome empathy 2.29.4
gnome empathy 2.29.5
gnome empathy 2.28.1.2
gnome empathy 2.27.1.1
gnome empathy 2.27.1
gnome empathy 2.27.2
gnome empathy 2.25.4
gnome empathy 2.25.90
gnome empathy 2.25.91
gnome empathy 2.25.92
gnome empathy 2.24.1
gnome empathy 0.21.2
gnome empathy 0.21.3
gnome empathy 0.21.4
gnome empathy 0.21.5.1
gnome empathy 0.5
gnome empathy 0.6
gnome empathy 0.7
gnome empathy 0.8
gnome empathy 3.2.0.1
gnome empathy 3.1.2.1
gnome empathy 3.1.90
gnome empathy 3.1.92
gnome empathy 2.91.1
gnome empathy 2.91.3
gnome empathy 2.91.5.1
gnome empathy 2.91.6
gnome empathy 2.91.93
gnome empathy 2.33.4
gnome empathy 2.32.0
gnome empathy 2.32.2
gnome empathy 2.31.6
gnome empathy 2.31.91
gnome empathy 2.30.2
gnome empathy 2.29.1
gnome empathy 2.29.5.1
gnome empathy 2.29.90
gnome empathy 2.28.0
gnome empathy 2.28.2
gnome empathy 2.27.4
gnome empathy 2.27.91
gnome empathy 2.26.1
gnome empathy 2.25.2
gnome empathy 2.24.0
gnome empathy 2.23.90
gnome empathy 0.22.1
gnome empathy 0.21.1
gnome empathy 0.21.5.2
gnome empathy 0.21.90
gnome empathy 0.14
gnome empathy 0.1
gnome empathy 0.3

Empathy could be made to run programs or display webpages via specially crafted nicknames ...

CWE-79 https://bugzilla.gnome.org/show_bug.cgi?id=662035 https://usn.ubuntu.com/1250-1/https://nvd.nist.gov

Get Started

CVE-2011-4170

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect