CVE-2020-36844

6.1 MEDIUM

📋 TL;DR

This vulnerability allows reflected cross-site scripting (XSS) in the KnowBe4 Security Awareness Training platform. An attacker who gets a victim to open a specially crafted link has a javascript: URL reflected into the page, so attacker-controlled script runs in the victim's browser in the context of the platform. Organizations whose tenants were on releases before 2020-01-10 were affected.

💻 Affected Systems

Products:
  • KnowBe4 Security Awareness Training Platform
Versions: All versions before 2020-01-10
Operating Systems: All platforms running the web application
Default Config Vulnerable: ⚠️ Yes
Notes: This affects the web interface of the KnowBe4 training platform. The flaw is in how the application handles attacker-supplied URL values in request parameters: a javascript: URL is reflected into the page and executes in the browser of whoever opens the crafted link.

📦 What is this software?

KnowBe4's Security Awareness Training platform is a vendor-hosted (SaaS) web application that organizations use to run security awareness courses and simulated phishing campaigns for their employees. Administrators manage campaigns and users from a web console; employees reach their training through links sent to them, which is why a reflected XSS reachable by link matters here.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could steal session cookies (where they are not marked HttpOnly), perform actions in the platform as the victim (including administrative actions if the victim is a console administrator), redirect users to malicious sites, or use the trusted platform origin as a launch point for further phishing. Installing malware by drive-by download additionally requires a browser exploit; XSS alone does not install anything.

🟠

Likely Case

Session hijacking leading to unauthorized access to training accounts, potential credential theft, and user redirection to phishing sites.

🟢

If Mitigated

Once the application validates the URL value and encodes it for output, the crafted links no longer execute script. The residual risk is the lure itself: users may still be sent links that lead them to the platform or elsewhere, but nothing runs in the platform's origin.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability is a reflected XSS via a javascript: URL placed in a request parameter. Exploitation needs only basic web security knowledge and a victim who opens the crafted link; no authentication is required to trigger the reflection, although the impact is greatest when the victim is already logged in.
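To make the bug pattern and the "input validation plus output encoding" fix concrete, here is an added example; it is not KnowBe4 code and is not taken from this advisory. It shows a link-rendering function that reflects a URL parameter straight into an href (the vulnerable shape) beside a hardened version that normalizes the value the way a browser's URL parser does, allows only http(s) URLs and same-origin absolute paths, and HTML-encodes the result for the attribute context. The function names and the fallback path "/" are placeholders chosen for the example.

```python
import html
from urllib.parse import urlsplit

# Illustrative code with placeholder names; not KnowBe4's implementation.


def render_link_vulnerable(user_url: str) -> str:
    """Reflect a request parameter straight into an href (the bug pattern).

    No scheme check and no attribute encoding: a javascript: URL becomes a
    clickable script, and a quote in the value breaks out of the attribute.
    """
    return f'<a href="{user_url}">Continue</a>'


def _normalize_url(raw: str) -> str:
    """Mirror the pre-processing a browser URL parser applies before reading
    the scheme: remove ASCII tab/newline anywhere, then strip leading and
    trailing C0 control characters and spaces. Without this, 'java\\tscript:'
    or ' javascript:' slips past a naive scheme check and still runs."""
    cleaned = raw.replace("\t", "").replace("\n", "").replace("\r", "")
    return cleaned.strip(" " + "".join(chr(c) for c in range(0x20)))


def safe_href(user_url: str, fallback: str = "/") -> str:
    """Return an attribute-safe href: http(s) or a same-origin absolute path.

    Anything else (javascript:, data:, vbscript:, protocol-relative //host,
    an unparseable value) is replaced by the fallback rather than echoed.
    """
    candidate = _normalize_url(user_url)
    try:
        parts = urlsplit(candidate)
    except ValueError:  # e.g. malformed IPv6 literal
        return html.escape(fallback, quote=True)

    scheme = parts.scheme.lower()
    if scheme in ("http", "https"):
        allowed = candidate
    elif scheme == "" and candidate.startswith("/") and not candidate.startswith("//"):
        allowed = candidate  # same-origin absolute path
    else:
        allowed = fallback
    # Output encoding for the attribute context: quotes and angle brackets
    # become entities, so the value cannot close the attribute or the tag.
    return html.escape(allowed, quote=True)


def render_link_fixed(user_url: str) -> str:
    """Hardened counterpart of render_link_vulnerable."""
    return f'<a href="{safe_href(user_url)}">Continue</a>'


if __name__ == "__main__":
    probes = (
        "https://example.com/course/1", "/training?c=1",
        "javascript:alert(1)", "JaVaScRiPt:alert(1)",
        "java\tscript:alert(1)", " javascript:alert(1)",
        "//evil.example/", '/x" onmouseover="alert(1)',
    )
    for probe in probes:
        print(repr(probe), "->", render_link_fixed(probe))
```

The normalization step is the part most implementations forget: a check that only lowercases and compares the scheme lets "java<TAB>script:" and leading-space variants through, and browsers execute both. The fallback-instead-of-echo choice also avoids turning the rejection path into a second reflection point.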

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Releases from 2020-01-10 onward

Vendor Advisory: https://www.knowbe4.com/security-advisory

Restart Required: No (the platform is vendor-hosted; there is no customer-side package to install)

Instructions:

1. Log into the KnowBe4 admin console
2. Navigate to System Settings (or check the console footer) for the current release information
3. If the release predates 2020-01-10, or no release information is shown, ask KnowBe4 support to confirm that your tenant is on a release that contains the fix
4. If support confirms the tenant is on an older release, request that it be moved to the current one; the fix is applied on the vendor side, not by the customer

🔧 Temporary Workarounds

Web Application Firewall (WAF) Rules

Applies to: all platforms, but only where you terminate HTTP in front of the application yourself (your own reverse proxy or WAF). For the vendor-hosted console this sits under KnowBe4's control, not yours.

Block requests whose parameters carry a javascript: URL. Match after normalization (percent-decoding, HTML entity decoding, whitespace removal, lowercasing): a rule that matches the literal string "javascript:" is bypassed by "JavaScript:", "%6Aavascript%3A" or "java<TAB>script:".

# Example ModSecurity rule (id 1001 is a placeholder; use an id from your local range):
SecRule ARGS|ARGS_NAMES|REQUEST_URI "@rx javascript:" \
    "id:1001,phase:2,deny,status:403,log,\
    t:none,t:urlDecodeUni,t:htmlEntityDecode,t:removeWhitespace,t:lowercase,\
    msg:'JavaScript URL detected in request'"

Content Security Policy

Applies to: all platforms, again only where you control the response headers (an origin you serve, or a proxy you operate in front of it).

A CSP whose script-src does not contain 'unsafe-inline' blocks javascript: URLs and injected inline <script> blocks, which is exactly what this bug relies on. Do not add 'unsafe-inline' to make the application work, as that removes the protection. Roll the policy out with Content-Security-Policy-Report-Only first to find legitimate inline scripts that would otherwise break.

Content-Security-Policy: default-src 'self'; script-src 'self' https://trusted.cdn.com; object-src 'none'; base-uri 'none'

(https://trusted.cdn.com stands for whichever script host the application actually loads from.)

🧯 If You Can't Patch

  • Restrict who can reach the application (network segmentation, enforced SSO/MFA for the console) so a crafted link only works for users who are already permitted in, and keep session lifetimes short with HttpOnly session cookies to limit what an injection can steal
  • Do not rely on browser XSS filters: Chrome and Edge removed the XSS Auditor and Firefox never shipped one, so the X-XSS-Protection header is not a control
  • Remind users that links to the training platform arriving by e-mail or chat deserve the same scrutiny the training itself teaches, since the attack needs the victim to open the link

🔍 How to Verify

Check if Vulnerable:

Only test a tenant you are authorized to test; for the vendor-hosted service, coordinate with KnowBe4 rather than probing production. The bug is a javascript: URL reflected into the page, so test with a URL payload rather than a <script> tag. This page does not name the affected parameter; "param" below is a placeholder for the parameter that carries a URL:

https://[knowbe4-url]/?param=javascript:alert(document.domain)

Then inspect the response source: the application is vulnerable if the payload appears unencoded inside an href, src or location assignment; it is fixed if the value is rejected, replaced by a safe default, or HTML-encoded.

Check Version:

Check the application footer or admin dashboard for release information, or contact KnowBe4 support

Verify Fix Applied:

After the vendor confirms the fix, retest with the same payload and with case and encoding variants (JaVaScRiPt:, %6Aavascript%3A, java%09script:) and confirm the value no longer reaches the page as a live URL

📡 Detection & Monitoring

Log Indicators:

  • Request parameters containing "javascript:" (any case, percent- or entity-encoded) or "<script", particularly in parameters that normally carry a URL (return, redirect or next style parameters)
  • The same client sending several variants of such a payload in quick succession (scanning or manual probing), or the identical payload later arriving from many different users (the crafted link is being circulated)

Network Indicators:

  • HTTP requests to the platform whose query string, after URL-decoding, contains a javascript: scheme
  • Browsers of platform users contacting unfamiliar external domains immediately after loading a platform page (exfiltration or redirect)

SIEM Query (Splunk-style; the field name url depends on your log schema. Normalize before matching: the raw log carries the payload encoded and in arbitrary case, so a literal url="*javascript:*" match misses most attempts):

source="web_logs" | eval req=lower(urldecode(urldecode(url))) | regex req="javascript\s*:|<script"
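The same normalization the SIEM query and the WAF transformation chain depend on can be run offline over access logs. The following is an added example, not part of the original advisory and not KnowBe4 tooling: it extracts the request target from combined-format log lines, percent-decodes it a bounded number of times (to catch double encoding), drops the tab and newline characters that URL parsers ignore, lowercases, and then looks for a javascript: scheme or an opening script tag. The log lines are constructed for the example.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOGS = [
    '10.0.0.5 - - [10/Jan/2020:09:12:01 +0000] "GET /training/start?course=42 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [10/Jan/2020:09:12:07 +0000] "GET /training/start?return=javascript:alert(document.cookie) HTTP/1.1" 200 5130 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [10/Jan/2020:09:12:09 +0000] "GET /training/start?return=%6A%61%76%61%73%63%72%69%70%74%3Aalert(1) HTTP/1.1" 200 5130 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [10/Jan/2020:09:12:12 +0000] "GET /training/start?return=JaVa%09ScRiPt%3aalert(1) HTTP/1.1" 200 5130 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [10/Jan/2020:09:12:15 +0000] "GET /search?q=%253Cscript%253Ealert(1)%253C/script%253E HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '10.0.0.7 - - [10/Jan/2020:09:13:01 +0000] "GET /help?topic=javascript_enabled HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
]

# Request target between the method and the protocol version.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/')
# Matched against the normalized target: a javascript: scheme or <script tag.
XSS_RE = re.compile(r"javascript:|<script")


def normalize_request(target: str, rounds: int = 3) -> str:
    """Undo the encodings used to hide a payload from a literal search:
    bounded repeated percent-decoding (double encoding), removal of tab and
    newline (URL parsers ignore them, so 'java<TAB>script:' still runs),
    then lowercasing."""
    value = target
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return re.sub(r"[\t\r\n]", "", value).lower()


def find_xss_attempts(lines):
    """Return (line_number, normalized_request) for every line whose request
    target carries a javascript: URL or script tag after normalization."""
    hits = []
    for lineno, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        norm = normalize_request(match.group(1))
        if XSS_RE.search(norm):
            hits.append((lineno, norm))
    return hits


if __name__ == "__main__":
    for lineno, req in find_xss_attempts(SAMPLE_LOGS):
        print(f"line {lineno}: {req}")
```

Lines 2 to 5 of the sample are flagged (plain, percent-encoded, tab-and-case obfuscated, and double-encoded <script>), while the benign "javascript_enabled" parameter on line 6 is not, because the rule requires the colon of a scheme. The decoding loop is bounded so a log line full of nested %25 sequences cannot make the detector spin.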

🔗 References

  • NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2020-36844