CVE-2020-26205

Source
https://nvd.nist.gov/vuln/detail/CVE-2020-26205
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-26205.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-26205
Published
2020-10-29T20:15:19Z
Modified
2025-01-08T10:29:44.236521Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

Sal is a multi-tenanted reporting dashboard for Munki with the ability to display information from Facter. In Sal through version 4.1.6 there is an XSS vulnerability on the machine_list view.

References

Affected packages

Git / github.com/salopensource/sal

Affected ranges

Type
GIT
Repo
https://github.com/salopensource/sal
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

2.*

2.1.0
2.1.1
2.2.0
2.2.0-beta1
2.2.0-beta2
2.2.0-beta3
2.2.0-beta4
2.2.1
2.2.2
2.2.3
2.3.0
2.3.1
2.3.1.1
2.4.0
2.4.0.507
2.4.0.514
2.4.0.518
2.4.0.521
2.4.0.526
2.4.0.536
2.4.0.537
2.4.0.539
2.4.0.540
2.4.0.542
2.4.0.555
2.5.0.621
2.5.1.628
2.6.0
2.6.1
2.6.2
2.6.3
2.6.4
2.6.5
2.7.0
2.7.1
2.7.2
2.7.3

3.*

3.0.0
3.0.0b1
3.0.0b2
3.0.1
3.0.2
3.0.3
3.0.4
3.0.5
3.1.0
3.1.0.1
3.1.1
3.2.0
3.2.1
3.2.10
3.2.11
3.2.12
3.2.13
3.2.14
3.2.2
3.2.3
3.2.4
3.2.5
3.2.6
3.2.7
3.2.8
3.2.9
3.3.0
3.3.1
3.3.10
3.3.11
3.3.12
3.3.13
3.3.14
3.3.15
3.3.16
3.3.2
3.3.3
3.3.4
3.3.5
3.3.6
3.3.7
3.3.8
3.3.9

4.*

4.0.0
4.0.2
4.0.3
4.0.4
4.1.0
4.1.1
4.1.2
4.1.3
4.1.4
4.1.5
4.1.6

v0.*

v0.3.2
v0.4.0
v0.4.1

v2.*

v2.0.0
v2.0.0.1
v2.0.1
v2.0.2
v2.0.3
v2.1.0-beta1
v2.1.0-beta2