Strix
26.1K

CVE-2011-4170

UnknownEPSS 0.90%

Last modified

CVE-2011-4170 is a vulnerability of currently unknown severity. Cross-site scripting (XSS) vulnerability in the theme_adium_append_message function in empathy-theme-adium.c in the Adium theme in libempathy-gtk in Empathy 3.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted alias (aka nickname) in a /me event, a different vulnerability than CVE-2011-3635.. EPSS estimates a 0.90% chance of exploitation in the next 30 days.

Description

Cross-site scripting (XSS) vulnerability in the theme_adium_append_message function in empathy-theme-adium.c in the Adium theme in libempathy-gtk in Empathy 3.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted alias (aka nickname) in a /me event, a different vulnerability than CVE-2011-3635.

Metrics

EPSS Probability
0.90%

54.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
GnomeEmpathy<= 3.2.1
GnomeEmpathy0.1
GnomeEmpathy0.2
GnomeEmpathy0.3
GnomeEmpathy0.4
GnomeEmpathy0.5
GnomeEmpathy0.6
GnomeEmpathy0.7
GnomeEmpathy0.8
GnomeEmpathy0.9
GnomeEmpathy0.11
GnomeEmpathy0.12
GnomeEmpathy0.13
GnomeEmpathy0.14
GnomeEmpathy0.21.1
GnomeEmpathy0.21.2
GnomeEmpathy0.21.3
GnomeEmpathy0.21.4
GnomeEmpathy0.21.5
GnomeEmpathy0.21.5.1
GnomeEmpathy0.21.5.2
GnomeEmpathy0.21.90
GnomeEmpathy0.21.91
GnomeEmpathy0.22.0
GnomeEmpathy0.22.1
GnomeEmpathy0.23.1
GnomeEmpathy0.23.2
GnomeEmpathy0.23.3
GnomeEmpathy0.23.4
GnomeEmpathy2.23.6
GnomeEmpathy2.23.90
GnomeEmpathy2.23.91
GnomeEmpathy2.23.92
GnomeEmpathy2.24.0
GnomeEmpathy2.24.1
GnomeEmpathy2.25.2
GnomeEmpathy2.25.3
GnomeEmpathy2.25.4
GnomeEmpathy2.25.90
GnomeEmpathy2.25.91
GnomeEmpathy2.25.92
GnomeEmpathy2.26.0
GnomeEmpathy2.26.0.1
GnomeEmpathy2.26.1
GnomeEmpathy2.26.2
GnomeEmpathy2.27.1
GnomeEmpathy2.27.1.1
GnomeEmpathy2.27.2
GnomeEmpathy2.27.3
GnomeEmpathy2.27.4

Showing 50 of 134 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2011-4170?
Cross-site scripting (XSS) vulnerability in the theme_adium_append_message function in empathy-theme-adium.c in the Adium theme in libempathy-gtk in Empathy 3.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted alias (aka nickname) in a /me event, a different vulnerability than CVE-2011-3635.
How severe is CVE-2011-4170?
Severity scoring for CVE-2011-4170 is pending analysis. The EPSS model estimates a 0.90% probability of exploitation in the next 30 days.
How do I fix CVE-2011-4170?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2011-4170?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST