CVE-2020-26205
- Source
- https://cve.org/CVERecord?id=CVE-2020-26205
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-26205.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2020-26205
- Published
- 2020-10-29T20:15:19.353Z
- Modified
- 2026-05-14T13:09:49.566605Z
- Severity
-
- 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Sal is a multi-tenanted reporting dashboard for Munki with the ability to display information from Facter. In Sal through version 4.1.6 there is an XSS vulnerability on the machine_list view.
- References
Affected packages
Git / github.com/salopensource/sal
Affected ranges
- Type
- GIT
- Repo
- https://github.com/salopensource/sal
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "cpe": "cpe:2.3:a:sal_project:sal:*:*:*:*:*:*:*:*", "source": "CPE_FIELD", "extracted_events": [ { "introduced": "0" }, { "last_affected": "4.1.6" } ] }
Affected versions
2.*
2.1.0
2.1.1
2.2.0
2.2.0-beta1
2.2.0-beta2
2.2.0-beta3
2.2.0-beta4
2.2.1
2.2.2
2.2.3
2.3.0
2.3.1
2.3.1.1
2.4.0
2.4.0.507
2.4.0.514
2.4.0.518
2.4.0.521
2.4.0.526
2.4.0.536
2.4.0.537
2.4.0.539
2.4.0.540
2.4.0.542
2.4.0.555
2.5.0.621
2.5.1.628
2.6.0
2.6.1
2.6.2
2.6.3
2.6.4
2.6.5
2.7.0
2.7.1
2.7.2
2.7.3
3.*
3.0.0
3.0.0b1
3.0.0b2
3.0.1
3.0.2
3.0.3
3.0.4
3.0.5
3.1.0
3.1.0.1
3.1.1
3.2.0
3.2.1
3.2.10
3.2.11
3.2.12
3.2.13
3.2.14
3.2.2
3.2.3
3.2.4
3.2.5
3.2.6
3.2.7
3.2.8
3.2.9
3.3.0
3.3.1
3.3.10
3.3.11
3.3.12
3.3.13
3.3.14
3.3.15
3.3.16
3.3.2
3.3.3
3.3.4
3.3.5
3.3.6
3.3.7
3.3.8
3.3.9
4.*
4.0.0
4.0.2
4.0.3
4.0.4
4.1.0
4.1.1
4.1.2
4.1.3
4.1.4
4.1.5
4.1.6
v0.*
v0.3.2
v0.4.0
v0.4.1
v2.*
v2.0.0
v2.0.0.1
v2.0.1
v2.0.2
v2.0.3
v2.1.0-beta1
v2.1.0-beta2