CVE-2011-3635
Empathy < 3.2.1 - Cross-Site Scripting via Crafted Alias in Adium Theme
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in the theme_adium_append_message function in empathy-theme-adium.c in the Adium theme in libempathy-gtk in Empathy 3.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted alias (aka nickname).
References (7)
Core 7
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/46510
Patch x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=747599
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/50323
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/76485
Patch x_refsource_confirm
https://bugzilla.gnome.org/show_bug.cgi?id=662035
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/46939
Patch x_refsource_confirm
http://git.gnome.org/browse/empathy/commit/?id=739aca418457de752be13721218aaebc74bd9d36
Scores
EPSS
0.0048
EPSS Percentile
65.3%
Details
CWE
CWE-79
Status
published
Products (50)
gnome/empathy
0.1
gnome/empathy
0.2
gnome/empathy
0.3
gnome/empathy
0.4
gnome/empathy
0.5
gnome/empathy
0.6
gnome/empathy
0.7
gnome/empathy
0.8
gnome/empathy
0.9
gnome/empathy
0.11
... and 40 more
Published
Oct 23, 2011
Tracked Since
Feb 18, 2026