CVE-2011-2694

Cross-site scripting (XSS) vulnerability in the chg_passwd function in web/swat.c in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allows remote authenticated administrators to inject arbitrary web script or HTML via the username parameter to the passwd program (aka the user field to the Change Password page).

Published: Jul 29, 2011
Updated: Apr 13, 2023
CVE: CVE-2011-2694
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 2.6
AV:N/AC:H/Au:N/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
samba / samba	3.0.0	3.3.16
samba / samba	3.4.0	3.4.14
samba / samba	3.5.0	3.5.10
canonical / ubuntu_linux	10.10	10.10.x
canonical / ubuntu_linux	11.04	11.04.x
canonical / ubuntu_linux	8.04	8.04.x
canonical / ubuntu_linux	10.04	10.04.x
debian / debian_linux	5.0	5.0.x
debian / debian_linux	7.0	7.0.x
debian / debian_linux	6.0	6.0.x

http://jvn.jp/en/jp/JVN63041502/index.html
http://osvdb.org/74072
http://samba.org/samba/history/samba-3.5.10.html
http://secunia.com/advisories/45393
http://secunia.com/advisories/45488
http://secunia.com/advisories/45496
http://securitytracker.com/id?1025852
http://ubuntu.com/usn/usn-1182-1
http://www.debian.org/security/2011/dsa-2290
http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c03008543
http://www.mandriva.com/security/advisories?name=MDVSA-2011:121
http://www.samba.org/samba/security/CVE-2011-2694
http://www.securityfocus.com/bid/48901
https://bugzilla.redhat.com/show_bug.cgi?id=722537
https://bugzilla.samba.org/show_bug.cgi?id=8289
https://exchange.xforce.ibmcloud.com/vulnerabilities/68844

Vulnerability Database

289,697

CVE-2011-2694