Moderate severityNVD Advisory· Published Nov 9, 2020· Updated Aug 4, 2024
CVE-2020-28364
CVE-2020-28364
Description
A stored cross-site scripting (XSS) vulnerability affects the Web UI in Locust before 1.3.2, if the installation violates the usage expectations by exposing this UI to outside users.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
locustPyPI | < 1.3.2 | 1.3.2 |
Affected products
1Patches
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
7- github.com/advisories/GHSA-vqxw-9pg7-v7v9ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-28364ghsaADVISORY
- docs.locust.io/en/stable/changelog.htmlghsax_refsource_MISCWEB
- github.com/locustio/locust/commit/0d118179709b4a60174810bae4db41d40e4c99adghsaWEB
- github.com/locustio/locust/commit/4049173b3466da236b1d8d8d3519e73c01525a0dghsaWEB
- github.com/locustio/locust/pull/1603ghsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/locust/PYSEC-2020-60.yamlghsaWEB
News mentions
0No linked articles in our index yet.