CVE-2011-2694
Samba 3.x < 3.5.10 - Authenticated Cross-Site Scripting via SWAT Username Parameter
Cross-site scripting (XSS) vulnerability in the chg_passwd function in web/swat.c in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allows remote authenticated administrators to inject arbitrary web script or HTML via the username parameter to the passwd program (aka the user field to the Change Password page).
References (16)
http://www.mandriva.com/security/advisories?name=MDVSA-2011:121 (x_refsource_mandriva; vendor-advisory; Broken Link)
http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c03008543 (x_refsource_hp; vendor-advisory; Broken Link, Third Party Advisory)
http://securitytracker.com/id?1025852 (x_refsource_sectrack; vdb-entry; Broken Link, Third Party Advisory, VDB Entry)
http://jvn.jp/en/jp/JVN63041502/index.html (x_refsource_jvn; third-party-advisory; Third Party Advisory)
http://www.debian.org/security/2011/dsa-2290 (x_refsource_debian; vendor-advisory; Third Party Advisory)
http://osvdb.org/74072 (x_refsource_osvdb; vdb-entry; Broken Link)
http://secunia.com/advisories/45393 (x_refsource_secunia; third-party-advisory; Not Applicable, Vendor Advisory)
http://secunia.com/advisories/45496 (x_refsource_secunia; third-party-advisory; Not Applicable, Third Party Advisory)
http://secunia.com/advisories/45488 (x_refsource_secunia; third-party-advisory; Not Applicable, Third Party Advisory)
http://samba.org/samba/history/samba-3.5.10.html (x_refsource_confirm; Vendor Advisory)
http://www.securityfocus.com/bid/48901 (x_refsource_bid; vdb-entry; Third Party Advisory, VDB Entry)
https://bugzilla.samba.org/show_bug.cgi?id=8289 (x_refsource_confirm; Issue Tracking, Patch)
http://www.samba.org/samba/security/CVE-2011-2694 (x_refsource_confirm; Vendor Advisory)
http://ubuntu.com/usn/usn-1182-1 (x_refsource_ubuntu; vendor-advisory; Third Party Advisory)
https://exchange.xforce.ibmcloud.com/vulnerabilities/68844 (x_refsource_xf; vdb-entry; Third Party Advisory, VDB Entry)
https://bugzilla.redhat.com/show_bug.cgi?id=722537 (x_refsource_confirm; Issue Tracking, Patch)
Scores
EPSS: 0.0232
EPSS Percentile: 85.0%
Details
CWE: CWE-79
Status: published
Products (8)
canonical/ubuntu_linux 8.04
canonical/ubuntu_linux 10.04
canonical/ubuntu_linux 10.10
canonical/ubuntu_linux 11.04
debian/debian_linux 5.0
debian/debian_linux 6.0
debian/debian_linux 7.0
samba/samba 3.0.0 - 3.3.16
Published: Jul 29, 2011
Tracked Since: Feb 18, 2026