2.6

CVE-2011-2694

Cross-site scripting (XSS) vulnerability in the chg_passwd function in web/swat.c in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allows remote authenticated administrators to inject arbitrary web script or HTML via the username parameter to the passwd program (aka the user field to the Change Password page).

Data is provided by the National Vulnerability Database (NVD)
SambaSamba Version >= 3.0.0 < 3.3.16
SambaSamba Version >= 3.4.0 < 3.4.14
SambaSamba Version >= 3.5.0 < 3.5.10
CanonicalUbuntu Linux Version8.04 SwEdition-
CanonicalUbuntu Linux Version10.04 SwEdition-
CanonicalUbuntu Linux Version10.10
CanonicalUbuntu Linux Version11.04
DebianDebian Linux Version5.0
DebianDebian Linux Version6.0
DebianDebian Linux Version7.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 2.5% 0.848
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 2.6 4.9 2.9
AV:N/AC:H/Au:N/C:N/I:P/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://secunia.com/advisories/45393
Vendor Advisory
Not Applicable
http://secunia.com/advisories/45488
Third Party Advisory
Not Applicable
http://secunia.com/advisories/45496
Third Party Advisory
Not Applicable
http://securitytracker.com/id?1025852
Third Party Advisory
Broken Link
VDB Entry
http://ubuntu.com/usn/usn-1182-1
Third Party Advisory
http://www.securityfocus.com/bid/48901
Third Party Advisory
VDB Entry