CVE-2020-36844

Summary

CVE-2020-36844 is a reflection XSS vulnerability affecting the KnowBe4 Security Awareness Training application before January 10, 2020. This issue arises due to the application's response containing a SCRIPT element that sets window.location.href to a malicious JavaScript URL. An attacker can exploit this vulnerability by tricking a user into visiting a specially crafted webpage, leading to the execution of unintended scripts and potential unauthorized actions. This could result in sensitive data exposure or system compromise. It is strongly recommended that users update their KnowBe4 application to the latest version to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.