Vulnerability Details CVE-2020-36845
The KnowBe4 Security Awareness Training application before 2020-01-10 contains a redirect function that does not validate the destination URL before redirecting. The response has a SCRIPT element that sets window.location.href to an arbitrary https URL.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 14.0%
CVSS Severity
CVSS v3 Score 5.3
Products affected by CVE-2020-36845
-
cpe:2.3:a:knowbe4:security_awareness_training:*