CVE-2011-2694 — Cross-site Scripting in Samba

CWE-79 — Cross-site Scripting8 documents7 sources

Severity

2.6LOWNVD

EPSS

3.1%

top 13.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samba Debian Samba Canonical Ubuntu Linux +1 more

Timeline

PublishedJul 29

Latest updateMay 14

Description

Cross-site scripting (XSS) vulnerability in the chg_passwd function in web/swat.c in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allows remote authenticated administrators to inject arbitrary web script or HTML via the username parameter to the passwd program (aka the user field to the Change Password page).

CVSS vector

AV:N/AC:H/C:N/I:P/A:NExploitability: 4.9 | Impact: 2.9

Affected Packages3 packages

▶NVDsamba/samba3.0.0 — 3.3.16+2

▶debiandebian/samba< samba 2:3.5.10~dfsg-1 (bookworm)

▶Debiansamba/samba< 2:3.5.10~dfsg-1+3

Also affects: Debian Linux 5.0, 6.0, 7.0, Ubuntu Linux 10.04, 10.10, 11.04, 8.04

Patches

Patch: bugzilla.redhat.com ↗Patch: bugzilla.samba.org ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-9xqr-g3w9-82pj: Cross-site scripting (XSS) vulnerability in the chg_passwd function in web/swat↗2022-05-14

▶

OSV

CVE-2011-2694: Cross-site scripting (XSS) vulnerability in the chg_passwd function in web/swat↗2011-07-29

▶

📋Vendor Advisories

Ubuntu

Samba vulnerabilities↗2011-08-02

▶

Red Hat

(SWAT): XSS flaw in Change Password page↗2011-07-26

▶

Debian

CVE-2011-2694: samba - Cross-site scripting (XSS) vulnerability in the chg_passwd function in web/swat....↗2011

▶

💬Community

Bugzilla

CVE-2011-2522 CVE-2011-2694 samba various flaws [fedora-all]↗2011-07-26

▶

Bugzilla

CVE-2011-2694 samba (SWAT): XSS flaw in Change Password page↗2011-07-15

▶