CVE-2011-4170
Empathy < 3.2.1 - Cross-Site Scripting via Crafted Alias in /me Event
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in the theme_adium_append_message function in empathy-theme-adium.c in the Adium theme in libempathy-gtk in Empathy 3.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted alias (aka nickname) in a /me event, a different vulnerability than CVE-2011-3635.
References (1)
Core 1
Core References
Patch x_refsource_misc
https://bugzilla.gnome.org/show_bug.cgi?id=662035
Scores
EPSS
0.0022
EPSS Percentile
45.2%
Details
CWE
CWE-79
Status
published
Products (50)
gnome/empathy
0.1
gnome/empathy
0.2
gnome/empathy
0.3
gnome/empathy
0.4
gnome/empathy
0.5
gnome/empathy
0.6
gnome/empathy
0.7
gnome/empathy
0.8
gnome/empathy
0.9
gnome/empathy
0.11
... and 40 more
Published
Oct 23, 2011
Tracked Since
Feb 18, 2026