CVE-2020-36844

The KnowBe4 Security Awareness Training application before 2020-01-10 allows reflected XSS. The response has a SCRIPT element that sets window.location.href to a JavaScript URL...

KnowBe4 Security Awareness Training 安全漏洞

KnowBe4 Security Awareness Training is a human risk management software from KnowBe4. A security vulnerability exists in KnowBe4 Security Awareness Training versions prior to 2020-01-10 that stems from vulnerability to reflective cross-site scripting attacks...

CVE-2020-36844

KnowBe4 Security Awareness Training is affected by CVE-2020-36844, a reflected XSS in versions before 2020-01-10. The vulnerability arises from a response SCRIPT element that sets window.location.href to a JavaScript URL, enabling an attacker-controlled script reflected in the page. The CVSS base...

PT-2025-17416 · Knowbe4 · Knowbe4 Security Awareness Training

Name of the Vulnerable Software and Affected Versions: KnowBe4 Security Awareness Training versions prior to 2020-01-10 Description: The issue concerns a redirect function in the application that fails to validate the destination URL before redirecting. This allows the response to contain a SCRIP...