Samba security advisory reports:
All current released versions of Samba are vulnerable to a
cross-site request forgery in the Samba Web Administration Tool
(SWAT). By tricking a user who is authenticated with SWAT into
clicking a manipulated URL on a different web page, it is
possible to manipulate SWAT.
All current released versions of Samba are vulnerable to a
cross-site scripting issue in the Samba Web Administration Tool
(SWAT). On the "Change Password" field, it is possible to insert
arbitrary content into the "user" field.