CVE - CVE-2011-2694

CVE-ID
CVE-2011-2694	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Cross-site scripting (XSS) vulnerability in the chg_passwd function in web/swat.c in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allows remote authenticated administrators to inject arbitrary web script or HTML via the username parameter to the passwd program (aka the user field to the Change Password page).
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:48901 URL:http://www.securityfocus.com/bid/48901 CONFIRM:http://samba.org/samba/history/samba-3.5.10.html CONFIRM:http://www.samba.org/samba/security/CVE-2011-2694 CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=722537 CONFIRM:https://bugzilla.samba.org/show_bug.cgi?id=8289 DEBIAN:DSA-2290 URL:http://www.debian.org/security/2011/dsa-2290 HP:HPSBNS02701 URL:http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c03008543 HP:SSRT100598 URL:http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c03008543 JVN:JVN#63041502 URL:http://jvn.jp/en/jp/JVN63041502/index.html MANDRIVA:MDVSA-2011:121 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2011:121~~ (Obsolete source) OSVDB:74072 URL:~~http://osvdb.org/74072~~ (Obsolete source) SECTRACK:1025852 URL:http://securitytracker.com/id?1025852 SECUNIA:45393 URL:http://secunia.com/advisories/45393 SECUNIA:45488 URL:http://secunia.com/advisories/45488 SECUNIA:45496 URL:http://secunia.com/advisories/45496 UBUNTU:USN-1182-1 URL:http://ubuntu.com/usn/usn-1182-1 XF:samba-user-xss(68844) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/68844
Assigning CNA
Red Hat, Inc.
Date Record Created
20110711	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20110711)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)