CVE-2011-2694
Published: Jul 29, 2011
Modified: Aug 6, 2024
PUBLISHED
Description
Cross-site scripting (XSS) vulnerability in the chg_passwd function in web/swat.c in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allows remote authenticated administrators to inject arbitrary web script or HTML via the username parameter to the passwd program (aka the user field to the Change Password page).
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Tags |
|---|---|
| MDVSA-2011:121 | vendor-advisory, x_refsource_MANDRIVA |
| HPSBNS02701 | vendor-advisory, x_refsource_HP |
| 1025852 | vdb-entry, x_refsource_SECTRACK |
| JVN#63041502 | third-party-advisory, x_refsource_JVN |
| DSA-2290 | vendor-advisory, x_refsource_DEBIAN |
| 74072 | vdb-entry, x_refsource_OSVDB |
| 45393 | third-party-advisory, x_refsource_SECUNIA |
| 45496 | third-party-advisory, x_refsource_SECUNIA |
| 45488 | third-party-advisory, x_refsource_SECUNIA |
| http://samba.org/samba/history/samba-3.5.10.html | x_refsource_CONFIRM |
| 48901 | vdb-entry, x_refsource_BID |
| SSRT100598 | vendor-advisory, x_refsource_HP |
| https://bugzilla.samba.org/show_bug.cgi?id=8289 | x_refsource_CONFIRM |
| http://www.samba.org/samba/security/CVE-2011-2694 | x_refsource_CONFIRM |
| USN-1182-1 | vendor-advisory, x_refsource_UBUNTU |
| samba-user-xss(68844) | vdb-entry, x_refsource_XF |
| https://bugzilla.redhat.com/show_bug.cgi?id=722537 | x_refsource_CONFIRM |