CVE-2020-26205

HIGH

Sal < 4.1.6 - Cross-Site Scripting in Machine List View

Title source: llm
STIX 2.1

Description

Sal is a multi-tenanted reporting dashboard for Munki with the ability to display information from Facter. In Sal through version 4.1.6 there is an XSS vulnerability on the machine_list view.

References (2)

Core 2
Core References
Third Party Advisory x_refsource_confirm
https://github.com/salopensource/sal/pull/405

Scores

CVSS v3 7.6
EPSS 0.0066
EPSS Percentile 47.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N

Details

CWE
CWE-79
Status published
Products (1)
sal_project/sal < 4.1.6
Published Oct 29, 2020
Tracked Since Feb 18, 2026