CVE-2011-2694

Cross-site scripting (XSS) vulnerability in the chg_passwd function in web/swat.c in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allows remote authenticated administrators to inject arbitrary web script or HTML via the username parameter to the passwd program (aka the user field to the Change Password page).
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
2.6 UNKNOWN
NETWORK
HIGH
AV:N/AC:H/Au:N/C:N/I:P/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 86%
VendorProductVersion
sambasamba
3.0.0 ≤
𝑥
< 3.3.16
sambasamba
3.4.0 ≤
𝑥
< 3.4.14
sambasamba
3.5.0 ≤
𝑥
< 3.5.10
canonicalubuntu_linux
8.04
canonicalubuntu_linux
10.04
canonicalubuntu_linux
10.10
canonicalubuntu_linux
11.04
debiandebian_linux
5.0
debiandebian_linux
6.0
debiandebian_linux
7.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
samba
bullseye (security)
2:4.13.13+dfsg-1~deb11u6
fixed
bullseye
2:4.13.13+dfsg-1~deb11u6
fixed
bookworm
2:4.17.12+dfsg-0+deb12u1
fixed
bookworm (security)
2:4.17.12+dfsg-0+deb12u1
fixed
sid
2:4.21.1+dfsg-2
fixed
trixie
2:4.21.1+dfsg-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
samba
natty
Fixed 2:3.5.8~dfsg-1ubuntu2.3
released
maverick
Fixed 2:3.5.4~dfsg-1ubuntu8.5
released
lucid
Fixed 2:3.4.7~dfsg-1ubuntu3.7
released
hardy
Fixed 3.0.28a-1ubuntu4.15
released
Common Weakness Enumeration
References
http://jvn.jp/en/jp/JVN63041502/index.html
http://osvdb.org/74072
http://samba.org/samba/history/samba-3.5.10.html
http://secunia.com/advisories/45393
http://secunia.com/advisories/45488
http://secunia.com/advisories/45496
http://securitytracker.com/id?1025852
http://ubuntu.com/usn/usn-1182-1
http://www.debian.org/security/2011/dsa-2290
http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c03008543
http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c03008543
http://www.mandriva.com/security/advisories?name=MDVSA-2011:121
http://www.samba.org/samba/security/CVE-2011-2694
http://www.securityfocus.com/bid/48901
https://bugzilla.redhat.com/show_bug.cgi?id=722537
https://bugzilla.samba.org/show_bug.cgi?id=8289
https://exchange.xforce.ibmcloud.com/vulnerabilities/68844
http://jvn.jp/en/jp/JVN63041502/index.html
http://osvdb.org/74072
http://samba.org/samba/history/samba-3.5.10.html
http://secunia.com/advisories/45393
http://secunia.com/advisories/45488
http://secunia.com/advisories/45496
http://securitytracker.com/id?1025852
http://ubuntu.com/usn/usn-1182-1
http://www.debian.org/security/2011/dsa-2290
http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c03008543
http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c03008543
http://www.mandriva.com/security/advisories?name=MDVSA-2011:121
http://www.samba.org/samba/security/CVE-2011-2694
http://www.securityfocus.com/bid/48901
https://bugzilla.redhat.com/show_bug.cgi?id=722537
https://bugzilla.samba.org/show_bug.cgi?id=8289
https://exchange.xforce.ibmcloud.com/vulnerabilities/68844