CVE-2011-2694
Description
Cross-site scripting (XSS) vulnerability in the chg_passwd function in web/swat.c in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allows remote authenticated administrators to inject arbitrary web script or HTML via the username parameter to the passwd program (aka the user field to the Change Password page).
Risk Information
Base Score
4.8
MODERATE
Vector
AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
EPSS Score
Exploitation Probability
3.127
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Libsmbclient update (ELSA-2018-1860) libsmbclient-3.6.23-51.0.1.el6.x86_64.rpm | Linux |
| Libsmbclient-devel update (ELSA-2018-1860) libsmbclient-devel-3.6.23-51.0.1.el6.x86_64.rpm | Linux |
| Samba update (ELSA-2018-1860) samba-3.6.23-51.0.1.el6.x86_64.rpm | Linux |
| Samba-client update (ELSA-2018-1860) samba-client-3.6.23-51.0.1.el6.x86_64.rpm | Linux |
| Samba-common update (ELSA-2018-1860) samba-common-3.6.23-51.0.1.el6.x86_64.rpm | Linux |
| Samba-doc update (ELSA-2018-1860) samba-doc-3.6.23-51.0.1.el6.x86_64.rpm | Linux |
| Samba-domainjoin-gui update (ELSA-2018-1860) samba-domainjoin-gui-3.6.23-51.0.1.el6.x86_64.rpm | Linux |
| Samba-glusterfs update (ELSA-2018-1860) samba-glusterfs-3.6.23-51.0.1.el6.x86_64.rpm | Linux |
| Samba-swat update (ELSA-2018-1860) samba-swat-3.6.23-51.0.1.el6.x86_64.rpm | Linux |
| Samba-winbind update (ELSA-2018-1860) samba-winbind-3.6.23-51.0.1.el6.x86_64.rpm | Linux |
| Samba-winbind-clients update (ELSA-2018-1860) samba-winbind-clients-3.6.23-51.0.1.el6.x86_64.rpm | Linux |
| Samba-winbind-devel update (ELSA-2018-1860) samba-winbind-devel-3.6.23-51.0.1.el6.x86_64.rpm | Linux |
| Samba-winbind-krb5-locator update (ELSA-2018-1860) samba-winbind-krb5-locator-3.6.23-51.0.1.el6.x86_64.rpm | Linux |
| Libsmbclient update (ELSA-2018-1860) libsmbclient-3.6.23-51.0.1.el6.i686.rpm | Linux |
| Libsmbclient-devel update (ELSA-2018-1860) libsmbclient-devel-3.6.23-51.0.1.el6.i686.rpm | Linux |
| Samba update (ELSA-2018-1860) samba-3.6.23-51.0.1.el6.i686.rpm | Linux |
| Samba-client update (ELSA-2018-1860) samba-client-3.6.23-51.0.1.el6.i686.rpm | Linux |
| Samba-common update (ELSA-2018-1860) samba-common-3.6.23-51.0.1.el6.i686.rpm | Linux |
| Samba-doc update (ELSA-2018-1860) samba-doc-3.6.23-51.0.1.el6.i686.rpm | Linux |
| Samba-domainjoin-gui update (ELSA-2018-1860) samba-domainjoin-gui-3.6.23-51.0.1.el6.i686.rpm | Linux |
| Samba-swat update (ELSA-2018-1860) samba-swat-3.6.23-51.0.1.el6.i686.rpm | Linux |
| Samba-winbind update (ELSA-2018-1860) samba-winbind-3.6.23-51.0.1.el6.i686.rpm | Linux |
| Samba-winbind-clients update (ELSA-2018-1860) samba-winbind-clients-3.6.23-51.0.1.el6.i686.rpm | Linux |
| Samba-winbind-devel update (ELSA-2018-1860) samba-winbind-devel-3.6.23-51.0.1.el6.i686.rpm | Linux |
| Samba-winbind-krb5-locator update (ELSA-2018-1860) samba-winbind-krb5-locator-3.6.23-51.0.1.el6.i686.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234