CVE-2011-3635: XSS
First published: Thu Oct 20 2011(Updated: )
A cross-site scripting (XSS) flaw was found in the Adium theme for Empathy, an instant messaging client for GNOME, due to incorrect sanitization of the user nickname / alias, when new user joined a room. A remote attacker, valid Empathy user with specially-crafted nickname could send a message to particular IRC room, leading to arbitrary HTML or webscript execution, when the nickname was displayed by the theme. Upstream bug report: [1] <a href="https://bugzilla.gnome.org/show_bug.cgi?id=662035">https://bugzilla.gnome.org/show_bug.cgi?id=662035</a> Relevant upstream patch: [2] <a href="http://git.gnome.org/browse/empathy/commit/?id=739aca418457de752be13721218aaebc74bd9d36">http://git.gnome.org/browse/empathy/commit/?id=739aca418457de752be13721218aaebc74bd9d36</a>
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Gnome Empathy | =2.29.91.2 | |
| Gnome Empathy | =0.21.5.1 | |
| Gnome Empathy | =2.91.6.1 | |
| Gnome Empathy | =2.91.90.2 | |
| Gnome Empathy | =2.31.6 | |
| Gnome Empathy | =0.9 | |
| Gnome Empathy | =2.23.90 | |
| Gnome Empathy | =2.31.5 | |
| Gnome Empathy | =3.1.2.1 | |
| Gnome Empathy | <=3.2.1 | |
| Gnome Empathy | =0.8 | |
| Gnome Empathy | =2.91.3 | |
| Gnome Empathy | =2.91.2 | |
| Gnome Empathy | =2.28.0.1 | |
| Gnome Empathy | =3.1.90 | |
| Gnome Empathy | =3.0.0 | |
| Gnome Empathy | =2.29.3 | |
| Gnome Empathy | =2.30.2 | |
| Gnome Empathy | =2.27.91 | |
| Gnome Empathy | =3.1.90.1 | |
| Gnome Empathy | =2.26.0.1 | |
| Gnome Empathy | =3.1.4 | |
| Gnome Empathy | =0.11 | |
| Gnome Empathy | =2.30.0.1 | |
| Gnome Empathy | =2.30.1.1 | |
| Gnome Empathy | =2.91.91.1 | |
| Gnome Empathy | =0.21.4 | |
| Gnome Empathy | =2.29.91 | |
| Gnome Empathy | =0.6 | |
| Gnome Empathy | =2.91.92 | |
| Gnome Empathy | =2.27.2 | |
| Gnome Empathy | =2.31.4 | |
| Gnome Empathy | =2.33.3 | |
| Gnome Empathy | =2.25.4 | |
| Gnome Empathy | =2.33.4 | |
| Gnome Empathy | =2.33.1 | |
| Gnome Empathy | =2.23.6 | |
| Gnome Empathy | =2.29.91.1 | |
| Gnome Empathy | =2.32.0.1 | |
| Gnome Empathy | =2.29.5.1 | |
| Gnome Empathy | =2.27.4 | |
| Gnome Empathy | =2.29.93 | |
| Gnome Empathy | =2.31.92 | |
| Gnome Empathy | =2.29.1 | |
| Gnome Empathy | =3.0.1 | |
| Gnome Empathy | =3.1.92 | |
| Gnome Empathy | =2.27.91.1 | |
| Gnome Empathy | =2.91.1 | |
| Gnome Empathy | =2.23.91 | |
| Gnome Empathy | =0.21.1 | |
| Gnome Empathy | =2.25.91 | |
| Gnome Empathy | =3.0.2 | |
| Gnome Empathy | =2.91.4.2 | |
| Gnome Empathy | =2.25.90 | |
| Gnome Empathy | =0.5 | |
| Gnome Empathy | =2.91.91 | |
| Gnome Empathy | =2.27.3 | |
| Gnome Empathy | =3.1.5.1 | |
| Gnome Empathy | =2.27.5 | |
| Gnome Empathy | =0.23.2 | |
| Gnome Empathy | =2.24.1 | |
| Gnome Empathy | =0.2 | |
| Gnome Empathy | =2.31.5.1 | |
| Gnome Empathy | =2.31.3 | |
| Gnome Empathy | =2.28.1.2 | |
| Gnome Empathy | =0.21.5 | |
| Gnome Empathy | =2.34.0 | |
| Gnome Empathy | =2.26.0 | |
| Gnome Empathy | =0.13 | |
| Gnome Empathy | =0.1 | |
| Gnome Empathy | =3.1.2 | |
| Gnome Empathy | =2.91.5 | |
| Gnome Empathy | =0.14 | |
| Gnome Empathy | =0.21.2 | |
| Gnome Empathy | =2.91.4.1 | |
| Gnome Empathy | =2.28.1.1 | |
| Gnome Empathy | =2.29.92 | |
| Gnome Empathy | =2.28.2 | |
| Gnome Empathy | =2.32.2 | |
| Gnome Empathy | =3.1.3 | |
| Gnome Empathy | =2.91.4.3 | |
| Gnome Empathy | =2.30.0.2 | |
| Gnome Empathy | =0.4 | |
| Gnome Empathy | =2.29.6 | |
| Gnome Empathy | =2.27.1.1 | |
| Gnome Empathy | =2.25.2 | |
| Gnome Empathy | =2.29.2 | |
| Gnome Empathy | =2.32.1 | |
| Gnome Empathy | =0.22.0 | |
| Gnome Empathy | =2.91.3.1 | |
| Gnome Empathy | =3.1.91 | |
| Gnome Empathy | =2.30.1 | |
| Gnome Empathy | =2.26.2 | |
| Gnome Empathy | =2.91.4 | |
| Gnome Empathy | =0.7 | |
| Gnome Empathy | =0.22.1 | |
| Gnome Empathy | =3.1.1 | |
| Gnome Empathy | =2.29.90 | |
| Gnome Empathy | =3.2.0.1 | |
| Gnome Empathy | =2.28.1 | |
| Gnome Empathy | =2.31.1 | |
| Gnome Empathy | =2.32.0 | |
| Gnome Empathy | =2.31.2 | |
| Gnome Empathy | =2.23.92 | |
| Gnome Empathy | =2.25.92 | |
| Gnome Empathy | =3.1.5 | |
| Gnome Empathy | =2.25.3 | |
| Gnome Empathy | =0.21.5.2 | |
| Gnome Empathy | =2.27.1 | |
| Gnome Empathy | =2.30.3 | |
| Gnome Empathy | =2.30.0 | |
| Gnome Empathy | =0.23.3 | |
| Gnome Empathy | =2.27.92 | |
| Gnome Empathy | =0.12 | |
| Gnome Empathy | =0.21.90 | |
| Gnome Empathy | =0.3 | |
| Gnome Empathy | =2.31.91 | |
| Gnome Empathy | =2.28.0 | |
| Gnome Empathy | =0.23.1 | |
| Gnome Empathy | =0.21.3 | |
| Gnome Empathy | =2.29.5 | |
| Gnome Empathy | =2.91.6 | |
| Gnome Empathy | =2.26.1 | |
| Gnome Empathy | =2.24.0 | |
| Gnome Empathy | =2.91.5.1 | |
| Gnome Empathy | =2.91.0 | |
| Gnome Empathy | =2.31.90 | |
| Gnome Empathy | =2.33.2 | |
| Gnome Empathy | =0.23.4 | |
| Gnome Empathy | =0.21.91 | |
| Gnome Empathy | =2.91.90.1 | |
| Gnome Empathy | =2.91.93 | |
| Gnome Empathy | =2.91.90 | |
| Gnome Empathy | =2.29.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://secunia.com/advisories/46510
- http://git.gnome.org/browse/empathy/commit/?id=739aca418457de752be13721218aaebc74bd9d36
- https://bugzilla.gnome.org/show_bug.cgi?id=662035
- https://bugzilla.redhat.com/show_bug.cgi?id=747599
- http://www.securityfocus.com/bid/50323
- http://secunia.com/advisories/46939
- http://osvdb.org/76485
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=747737
- collector/nvd-historical
- collector/nvd-index
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/remedy
- agent/references
- agent/last-modified-date
- agent/weakness
- agent/description
- agent/event
- agent/tags
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2011-3635
- vendor/gnome
- canonical/gnome empathy
- version/gnome empathy/2.29.91.2
- version/gnome empathy/0.21.5.1
- version/gnome empathy/2.91.6.1
- version/gnome empathy/2.91.90.2
- version/gnome empathy/2.31.6
- version/gnome empathy/0.9
- version/gnome empathy/2.23.90
- version/gnome empathy/2.31.5
- version/gnome empathy/3.1.2.1
- version/gnome empathy/3.2.1
- version/gnome empathy/0.8
- version/gnome empathy/2.91.3
- version/gnome empathy/2.91.2
- version/gnome empathy/2.28.0.1
- version/gnome empathy/3.1.90
- version/gnome empathy/3.0.0
- version/gnome empathy/2.29.3
- version/gnome empathy/2.30.2
- version/gnome empathy/2.27.91
- version/gnome empathy/3.1.90.1
- version/gnome empathy/2.26.0.1
- version/gnome empathy/3.1.4
- version/gnome empathy/0.11
- version/gnome empathy/2.30.0.1
- version/gnome empathy/2.30.1.1
- version/gnome empathy/2.91.91.1
- version/gnome empathy/0.21.4
- version/gnome empathy/2.29.91
- version/gnome empathy/0.6
- version/gnome empathy/2.91.92
- version/gnome empathy/2.27.2
- version/gnome empathy/2.31.4
- version/gnome empathy/2.33.3
- version/gnome empathy/2.25.4
- version/gnome empathy/2.33.4
- version/gnome empathy/2.33.1
- version/gnome empathy/2.23.6
- version/gnome empathy/2.29.91.1
- version/gnome empathy/2.32.0.1
- version/gnome empathy/2.29.5.1
- version/gnome empathy/2.27.4
- version/gnome empathy/2.29.93
- version/gnome empathy/2.31.92
- version/gnome empathy/2.29.1
- version/gnome empathy/3.0.1
- version/gnome empathy/3.1.92
- version/gnome empathy/2.27.91.1
- version/gnome empathy/2.91.1
- version/gnome empathy/2.23.91
- version/gnome empathy/0.21.1
- version/gnome empathy/2.25.91
- version/gnome empathy/3.0.2
- version/gnome empathy/2.91.4.2
- version/gnome empathy/2.25.90
- version/gnome empathy/0.5
- version/gnome empathy/2.91.91
- version/gnome empathy/2.27.3
- version/gnome empathy/3.1.5.1
- version/gnome empathy/2.27.5
- version/gnome empathy/0.23.2
- version/gnome empathy/2.24.1
- version/gnome empathy/0.2
- version/gnome empathy/2.31.5.1
- version/gnome empathy/2.31.3
- version/gnome empathy/2.28.1.2
- version/gnome empathy/0.21.5
- version/gnome empathy/2.34.0
- version/gnome empathy/2.26.0
- version/gnome empathy/0.13
- version/gnome empathy/0.1
- version/gnome empathy/3.1.2
- version/gnome empathy/2.91.5
- version/gnome empathy/0.14
- version/gnome empathy/0.21.2
- version/gnome empathy/2.91.4.1
- version/gnome empathy/2.28.1.1
- version/gnome empathy/2.29.92
- version/gnome empathy/2.28.2
- version/gnome empathy/2.32.2
- version/gnome empathy/3.1.3
- version/gnome empathy/2.91.4.3
- version/gnome empathy/2.30.0.2
- version/gnome empathy/0.4
- version/gnome empathy/2.29.6
- version/gnome empathy/2.27.1.1
- version/gnome empathy/2.25.2
- version/gnome empathy/2.29.2
- version/gnome empathy/2.32.1
- version/gnome empathy/0.22.0
- version/gnome empathy/2.91.3.1
- version/gnome empathy/3.1.91
- version/gnome empathy/2.30.1
- version/gnome empathy/2.26.2
- version/gnome empathy/2.91.4
- version/gnome empathy/0.7
- version/gnome empathy/0.22.1
- version/gnome empathy/3.1.1
- version/gnome empathy/2.29.90
- version/gnome empathy/3.2.0.1
- version/gnome empathy/2.28.1
- version/gnome empathy/2.31.1
- version/gnome empathy/2.32.0
- version/gnome empathy/2.31.2
- version/gnome empathy/2.23.92
- version/gnome empathy/2.25.92
- version/gnome empathy/3.1.5
- version/gnome empathy/2.25.3
- version/gnome empathy/0.21.5.2
- version/gnome empathy/2.27.1
- version/gnome empathy/2.30.3
- version/gnome empathy/2.30.0
- version/gnome empathy/0.23.3
- version/gnome empathy/2.27.92
- version/gnome empathy/0.12
- version/gnome empathy/0.21.90
- version/gnome empathy/0.3
- version/gnome empathy/2.31.91
- version/gnome empathy/2.28.0
- version/gnome empathy/0.23.1
- version/gnome empathy/0.21.3
- version/gnome empathy/2.29.5
- version/gnome empathy/2.91.6
- version/gnome empathy/2.26.1
- version/gnome empathy/2.24.0
- version/gnome empathy/2.91.5.1
- version/gnome empathy/2.91.0
- version/gnome empathy/2.31.90
- version/gnome empathy/2.33.2
- version/gnome empathy/0.23.4
- version/gnome empathy/0.21.91
- version/gnome empathy/2.91.90.1
- version/gnome empathy/2.91.93
- version/gnome empathy/2.91.90
- version/gnome empathy/2.29.4