CVE-2011-2694 Information

Description

Cross-site scripting (XSS) vulnerability in the chg_passwd function in web/swat.c in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allows remote authenticated administrators to inject arbitrary web script or HTML via the username parameter to the passwd program (aka the user field to the Change Password page).

Reference

http://jvn.jp/en/jp/JVN63041502/index.html
http://osvdb.org/74072
http://samba.org/samba/history/samba-3.5.10.html
http://secunia.com/advisories/45393
http://secunia.com/advisories/45488
http://secunia.com/advisories/45496
http://securitytracker.com/id?1025852
http://ubuntu.com/usn/usn-1182-1
http://www.debian.org/security/2011/dsa-2290
http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c03008543
http://www.mandriva.com/security/advisories?name=MDVSA-2011:121
http://www.samba.org/samba/security/CVE-2011-2694
http://www.securityfocus.com/bid/48901
https://bugzilla.redhat.com/show_bug.cgi?id=722537
https://bugzilla.samba.org/show_bug.cgi?id=8289
https://exchange.xforce.ibmcloud.com/vulnerabilities/68844
