CVE-2011-2694

N/A Unknown
Published: July 29, 2011 Modified: April 29, 2026

Description

Cross-site scripting (XSS) vulnerability in the chg_passwd function in web/swat.c in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allows remote authenticated administrators to inject arbitrary web script or HTML via the username parameter to the passwd program (aka the user field to the Change Password page).

The injection point is reflected: the value submitted in the user field is echoed unescaped into the HTML that SWAT returns after invoking the passwd program, so the injected script runs in the browser of whoever submitted the Change Password form, with that user's SWAT session. Hosts that do not run SWAT (an optional service, normally started from inetd) are not exposed. Fixed upstream in Samba 3.5.10; Debian (DSA-2290), Ubuntu (USN-1182-1), Mandriva (MDVSA-2011:121) and HP (document c03008543) shipped backported updates, see the references below.
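The reflection pattern described above, shown as an added example rather than Samba's own swat.c: a status line that echoes the user field verbatim into HTML, beside the same line rendered through an HTML-escaping helper. The function names (html_escape, render_passwd_result), the buffer sizes and the sample username are this example's own assumptions; the status-line wording is only modelled on what a Change Password page would say.

```c
/* Added example, not Samba's swat.c: the reflected-XSS pattern behind
 * CVE-2011-2694 and an escaped counterpart.  html_escape,
 * render_passwd_result and ATTACKER_USERNAME are this example's own
 * names, chosen for illustration. */
#include <stdio.h>
#include <string.h>
#include <stdbool.h>

/* Constructed sample input: a "username" an authenticated SWAT
 * administrator could submit in the Change Password form. */
static const char ATTACKER_USERNAME[] = "bob<script>alert(1)</script>";

/* Replace the five HTML-significant characters with entities.
 * Returns the number of bytes written (excluding the NUL), or -1 if
 * the output buffer is too small.  Refusing to truncate matters: a
 * cut-off entity such as "&l" would not neutralise the '<'. */
static int html_escape(const char *in, char *out, size_t outlen)
{
    size_t used = 0;
    for (const char *p = in; *p; p++) {
        const char *rep;
        char one[2] = { *p, '\0' };
        switch (*p) {
        case '&':  rep = "&amp;";  break;
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;
        default:   rep = one;      break;
        }
        size_t rl = strlen(rep);
        if (used + rl + 1 > outlen)   /* keep room for the NUL */
            return -1;
        memcpy(out + used, rep, rl);
        used += rl;
    }
    out[used] = '\0';
    return (int)used;
}

/* Build the status line shown after the passwd program runs.
 * escape=false mirrors the behaviour the CVE describes: the user field
 * is echoed verbatim into HTML.  escape=true renders the same input
 * inert.  Returns bytes written, or -1 if a buffer was too small. */
static int render_passwd_result(const char *user, bool ok, bool escape,
                                char *out, size_t outlen)
{
    char safe[512];
    const char *shown = user;

    if (escape) {
        if (html_escape(user, safe, sizeof safe) < 0)
            return -1;
        shown = safe;
    }
    int n = snprintf(out, outlen, "<p>%s %s\n",
                     ok ? "Password changed for user"
                        : "Failed to change password for",
                     shown);
    if (n < 0 || (size_t)n >= outlen)
        return -1;
    return n;
}

int main(void)
{
    char page[1024];

    render_passwd_result(ATTACKER_USERNAME, true, false, page, sizeof page);
    printf("vulnerable: %s", page);  /* the <script> tag reaches the browser */

    render_passwd_result(ATTACKER_USERNAME, true, true, page, sizeof page);
    printf("escaped:    %s", page);  /* &lt;script&gt; is displayed as text */
    return 0;
}
```

The escaping is applied at the point of output, which is where the bug lives: validating the username on input would not help a page that also echoes names read from elsewhere, and the helper deliberately fails rather than truncates, since a partial entity is as dangerous as none.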


References to Advisories, Solutions, and Tools

Every URL below is recorded by both NVD sources, secalert@redhat.com and af854a3a-2127-422b-91ae-364da2661108, except the Mandriva advisory, which only the second source lists. The tags (Vendor Advisory, Third Party Advisory, Patch, Issue Tracking, VDB Entry, Not Applicable, Broken Link) are NVD's.

http://jvn.jp/en/jp/JVN63041502/index.html
Tags: Third Party Advisory
http://osvdb.org/74072
Tags: Broken Link
http://samba.org/samba/history/samba-3.5.10.html
Tags: Vendor Advisory
http://secunia.com/advisories/45393
Tags: Not Applicable, Vendor Advisory
http://secunia.com/advisories/45488
Tags: Not Applicable, Third Party Advisory
http://secunia.com/advisories/45496
Tags: Not Applicable, Third Party Advisory
http://securitytracker.com/id?1025852
Tags: Broken Link, Third Party Advisory, VDB Entry
http://ubuntu.com/usn/usn-1182-1
Tags: Third Party Advisory
http://www.debian.org/security/2011/dsa-2290
Tags: Third Party Advisory
http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c03008543
Tags: Broken Link, Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2011:121
Source: af854a3a-2127-422b-91ae-364da2661108 only
Tags: Broken Link
http://www.samba.org/samba/security/CVE-2011-2694
Tags: Vendor Advisory
http://www.securityfocus.com/bid/48901
Tags: Third Party Advisory, VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=722537
Tags: Issue Tracking, Patch
https://bugzilla.samba.org/show_bug.cgi?id=8289
Tags: Issue Tracking, Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/68844
Tags: Third Party Advisory, VDB Entry

32 reference(s) from NVD

Quick Stats

CVSS v3 Score: N/A (no CVSS v3 score recorded)
EPSS (Exploit Probability): 6.3% (93rd percentile)
Exploitation Status: Not in CISA KEV

Weaknesses (CWE)

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), the weakness class named in the description.
Affected Vendors

samba, canonical, debian