Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2011-3635

Cross-site scripting (XSS) vulnerability in the theme_adium_append_message function in empathy-theme-adium.c in the Adium theme in libempathy-gtk in Empathy 3.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted alias (aka nickname).

Related bugs and status

CVE-2011-3635 (Candidate) is related to these bugs:

Bug #879301: HTML injection in nicknames

Summary				In	Importance	Status
	879301	HTML injection in nicknames		empathy (Ubuntu)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://secunia.com/adv...
MISC: http://secunia.com/adv...
MISC: http://www.securityfoc...
MISC: http://osvdb.org/76485
MISC: http://git.gnome.org/b...
MISC: https://bugzilla.gnome...
MISC: https://bugzilla.redha...