Knowbe4: >> Security Awareness Training Security Vulnerabilities
The KnowBe4 Security Awareness Training application before 2020-01-10 contains a redirect function that does not validate the destination URL before redirecting. The response has a SCRIPT element that sets window.location.href to an arbitrary https URL.
CVSS Score
5.3
EPSS Score
0.0
Published
2025-04-20
The KnowBe4 Security Awareness Training application before 2020-01-10 allows reflected XSS. The response has a SCRIPT element that sets window.location.href to a JavaScript URL.
CVSS Score
6.1
EPSS Score
0.001
Published
2025-04-20