Unrated severityNVD Advisory· Published Jul 29, 2011· Updated Jun 16, 2026
CVE-2011-2694
CVE-2011-2694
Description
Cross-site scripting (XSS) vulnerability in the chg_passwd function in web/swat.c in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allows remote authenticated administrators to inject arbitrary web script or HTML via the username parameter to the passwd program (aka the user field to the Change Password page).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
10cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*+ 3 more
- cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
- Range: >= 3.0, < 3.5.10
Patches
Vulnerability mechanics
References
16- bugzilla.redhat.com/show_bug.cginvdIssue TrackingPatch
- bugzilla.samba.org/show_bug.cginvdIssue TrackingPatch
- jvn.jp/en/jp/JVN63041502/index.htmlnvdThird Party Advisory
- samba.org/samba/history/samba-3.5.10.htmlnvdVendor Advisory
- secunia.com/advisories/45393nvdNot ApplicableVendor Advisory
- secunia.com/advisories/45488nvdNot ApplicableThird Party Advisory
- secunia.com/advisories/45496nvdNot ApplicableThird Party Advisory
- securitytracker.com/idnvdBroken LinkThird Party AdvisoryVDB Entry
- ubuntu.com/usn/usn-1182-1nvdThird Party Advisory
- www.debian.org/security/2011/dsa-2290nvdThird Party Advisory
- www.itrc.hp.com/service/cki/docDisplay.donvdBroken LinkThird Party Advisory
- www.samba.org/samba/security/CVE-2011-2694nvdVendor Advisory
- www.securityfocus.com/bid/48901nvdThird Party AdvisoryVDB Entry
- exchange.xforce.ibmcloud.com/vulnerabilities/68844nvdThird Party AdvisoryVDB Entry
- osvdb.org/74072nvdBroken Link
- www.mandriva.com/security/advisoriesnvdBroken Link
News mentions
0No linked articles in our index yet.