Unrated severityNVD Advisory· Published Apr 20, 2025· Updated Apr 21, 2025

CVE-2020-36844

Description

The KnowBe4 Security Awareness Training application before 2020-01-10 allows reflected XSS. The response has a SCRIPT element that sets window.location.href to a JavaScript URL.

Affected products

Knowbe4/Security Awareness Trainingllm-fuzzy2 versions
<2020-01-10+ 1 more
- (no CPE)range: <2020-01-10
- (no CPE)range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.doyler.net/security-not-included/knowbe4-vulnerabilitiesmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000