DEBIAN-CVE-2011-2694

DEBIAN-CVE-2011-2694 PUBLISHED CVSS 8.600000381469727 HIGH

Cross-site scripting (XSS) vulnerability in the chg_passwd function in web/swat.c in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allows remote authenticated administrators to inject arbitrary web script or HTML via the username parameter to the passwd program (aka the user field to the Change Password page).

Risk Scores

CVSS v4.0

8.600000381469727

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products

Vendor	Product	Versions
Debian:12	samba	0, 0, 0
Debian	samba
Debian:14	samba	0, 0, 0
Debian:11	samba	0, 0, 0
Debian:13	samba	0, 0, 0

Timeline

Jul 29, 2011 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2011-2694 advisory

Open in Interactive Console →