2.6 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:N/I:P/A:N
samba is vulnerable to cross-site scripting (XSS). A cross-site scripting (XSS) flaw was found in the password change page of the Samba Web Administration Tool (SWAT). If a remote attacker could trick a user, who was logged into the SWAT interface, into visiting a specially-crafted URL, it would lead to arbitrary web script execution in the context of the user’s SWAT session.
jvn.jp/en/jp/JVN63041502/index.html
osvdb.org/74072
samba.org/samba/history/samba-3.5.10.html
secunia.com/advisories/45393
secunia.com/advisories/45488
secunia.com/advisories/45496
securitytracker.com/id?1025852
ubuntu.com/usn/usn-1182-1
www.debian.org/security/2011/dsa-2290
www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c03008543
www.mandriva.com/security/advisories?name=MDVSA-2011:121
www.samba.org/samba/security/CVE-2011-2694
www.securityfocus.com/bid/48901
access.redhat.com/errata/RHSA-2011:1219
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=722537
bugzilla.samba.org/show_bug.cgi?id=8289
exchange.xforce.ibmcloud.com/vulnerabilities/68844