PT-2025-17416 · Knowbe4 · Knowbe4 Security Awareness Training

Published: 2025-04-20 · Updated: 2025-05-13 · CVE-2020-36845

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: KnowBe4 Security Awareness Training versions prior to 2020-01-10

Description: The issue concerns a redirect function in the application that fails to validate the destination URL before redirecting. This allows the response to contain a SCRIPT element that sets window.location.href to an arbitrary https URL.

Recommendations: For versions prior to 2020-01-10, consider disabling the redirect function until a fix is applied to prevent potential exploitation. Restrict access to the redirect functionality to minimize risk. Avoid using the window.location.href variable in the affected redirect function until the issue is resolved.
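
The missing control described above is destination validation before the redirect script is emitted. The following is an added example, not KnowBe4's code or fix: a server-side allowlist check in JavaScript (Node.js), where ALLOWED_HOSTS, FALLBACK, the example.com hosts and both function names are assumptions made for illustration.

```javascript
// Added example: allowlist validation for a redirect destination.
// ALLOWED_HOSTS, FALLBACK and the function names are hypothetical.
const ALLOWED_HOSTS = new Set(["training.example.com", "www.example.com"]);
const FALLBACK = "https://training.example.com/";

// Returns a normalised https URL on an allowlisted host, or FALLBACK.
function safeRedirectTarget(raw) {
  if (typeof raw !== "string" || raw.length > 2048) return FALLBACK;
  // Control characters and backslashes are normalised inconsistently
  // between parsers, so refuse them instead of trying to interpret them.
  if (/[\u0000-\u001f\u007f\\]/.test(raw)) return FALLBACK;
  let url;
  try {
    // No base URL is given, so relative and protocol-relative input throws.
    url = new URL(raw);
  } catch {
    return FALLBACK;
  }
  if (url.protocol !== "https:") return FALLBACK;
  // Userinfo lets a trusted-looking name appear before the real host.
  if (url.username || url.password) return FALLBACK;
  // url.host includes any non-default port, so those are refused as well.
  // Exact match only: no suffix or substring comparison.
  if (!ALLOWED_HOSTS.has(url.host)) return FALLBACK;
  return url.href;
}

// Builds the SCRIPT element only from a validated target, encoded as a
// JavaScript string literal so the value cannot break out of the script.
function redirectScript(raw) {
  const literal = JSON.stringify(safeRedirectTarget(raw)).replace(/</g, "\\u003c");
  return `<script>window.location.href = ${literal};</script>`;
}

// Constructed sample inputs.
for (const sample of [
  "https://training.example.com/courses?id=7",
  "https://other.example.net/login",
  "https://training.example.com@other.example.net/",
  "//other.example.net/",
]) {
  console.log(sample, "->", safeRedirectTarget(sample));
}
```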

Exploit

Fix

Open Redirect

Weakness Enumeration

Related Identifiers: CVE-2020-36845

Affected Products: Knowbe4 Security Awareness Training