Published: 29/07/2011 Updated: 31/10/2022

CVSS v2 Base Score: 2.6 | Impact Score: 2.9 | Exploitability Score: 4.9

VMScore: 231

Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in the chg_passwd function in web/swat.c in the Samba Web Administration Tool (SWAT) in Samba 3.x prior to 3.5.10 allows remote authenticated administrators to inject arbitrary web script or HTML via the username parameter to the passwd program (aka the user field to the Change Password page).

Vulnerable Product	Search on Vulmon	Subscribe to Product
samba samba
canonical ubuntu linux 10.10
canonical ubuntu linux 11.04
canonical ubuntu linux 8.04
canonical ubuntu linux 10.04
debian debian linux 5.0
debian debian linux 7.0
debian debian linux 6.0

An attacker could use a malicious URL to reconfigure Samba or steal information ...

CWE-79 http://www.samba.org/samba/security/CVE-2011-2694 http://secunia.com/advisories/45393 http://jvn.jp/en/jp/JVN63041502/index.html http://securitytracker.com/id?1025852 http://www.securityfocus.com/bid/48901 http://samba.org/samba/history/samba-3.5.10.html http://www.mandriva.com/security/advisories?name=MDVSA-2011:121 https://bugzilla.redhat.com/show_bug.cgi?id=722537 https://bugzilla.samba.org/show_bug.cgi?id=8289 http://osvdb.org/74072 http://secunia.com/advisories/45496 http://www.debian.org/security/2011/dsa-2290 http://secunia.com/advisories/45488 http://ubuntu.com/usn/usn-1182-1 http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c03008543 https://exchange.xforce.ibmcloud.com/vulnerabilities/68844 https://usn.ubuntu.com/1182-1/https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2011-2694

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect