{"id":"PYSEC-2020-60","details":"A stored cross-site scripting (XSS) vulnerability affects the Web UI in Locust before 1.3.2, if the installation violates the usage expectations by exposing this UI to outside users.","aliases":["CVE-2020-28364","GHSA-vqxw-9pg7-v7v9"],"modified":"2024-02-23T21:13:20.162142Z","published":"2020-11-09T21:15:00Z","references":[{"type":"WEB","url":"https://docs.locust.io/en/stable/changelog.html"}],"affected":[{"package":{"name":"locust","ecosystem":"PyPI","purl":"pkg:pypi/locust"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.3.2"}]}],"versions":["1.0","1.0.1","1.0.2","1.0.3","1.1","1.1.1","1.2","1.2.1","1.2.2","1.2.3","1.3.0","1.3.1"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/locust/PYSEC-2020-60.yaml"}}],"schema_version":"1.7.3"}