Loading HuntDB...

Vulnerability Intelligence by wss.sh

Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News

More Sources

HackerOne Reports

Bug bounty disclosures

WordPress Vulnerabilities

WordPress plugins & themes

Tools & Data

Trending Insights

Popular vulnerabilities

Advanced Search

Filter & search CVEs

Product Inventory

Software & vendors

Sign In Sign Up

Khan Academy - HackerOne Reports

View on HackerOne

47

Total Reports

6

Critical

15

High

16

Medium

7

Low

Login page vulnerable to bruteforce attacks via rate limiting bypass

Reported by: tomorrowisnew_ | Disclosed:

Low

Weakness: Improper Restriction of Authentication Attempts

Password authentication when changing information bypass. Bypass of report #721341

Reported by: tomorrowisnew_ | Disclosed:

High

Weakness: Unverified Password Change

Rate Limitation Vulnerability (DDos)

Reported by: hamzar97 | Disclosed:

High

Weakness: Uncontrolled Resource Consumption

Take over of accounts created using Google or Facebook

Reported by: tomoh | Disclosed:

Critical

Weakness: Cross-Site Request Forgery (CSRF)

Information can be changed without a password

Reported by: jamesconnor | Disclosed:

High

Weakness: Unverified Password Change

OPEN URL REDIRECT through PNG files

Reported by: dineshvicky | Disclosed:

Medium

Weakness: Cross-site Scripting (XSS) - Generic

Leaked reused password for a few Khan Academy users

Reported by: a0xtrojan | Disclosed:

High

Weakness: Cleartext Storage of Sensitive Information

Client Side string length check

Reported by: tomh | Disclosed:

Medium

Weakness: Client-Side Enforcement of Server-Side Security

Email Verification Bypass Allows Users to Add & verify Any Email As Guardians Email

Reported by: shuvam321 | Disclosed:

High

Weakness: Privilege Escalation

RTL override char allowed at khanacademy redirect page

Reported by: d3f4u17 | Disclosed:

Low

Weakness: Violation of Secure Design Principles

XSS on using the legacy "Graphie To Png" API

Reported by: sikn | Disclosed:

Critical

Weakness: Cross-site Scripting (XSS) - DOM

Account takeover by changing email

Reported by: tomoh | Disclosed:

Critical

Weakness: Cross-Site Request Forgery (CSRF)

Access to alerta.khanacademy.org leak sensitive data

Reported by: myominthu_sec | Disclosed:

Critical

Weakness: Improper Access Control - Generic

Cross site scripting (content-sniffing)

Reported by: sarmadkhan | Disclosed:

Medium

Weakness: Cross-site Scripting (XSS) - Generic

The endpoint /api/internal/graphql/requestAuthEmail on Khanacademy.or is vulnerable to Race Condition Attack.

Reported by: sim4n6 | Disclosed:

Medium

Weakness: Business Logic Errors

S3 bucket takeover [learn2.khanacademy.org]

Reported by: fdeleite | Disclosed:

High

Unauthorised Account Detail Modification

Reported by: 5kyw41k3r | Disclosed:

High

Weakness: Improper Access Control - Generic

Password Functionality not working correctly

Reported by: utkarsh123 | Disclosed:

Low

EMAIL SPOOFING

Reported by: hackthedevil | Disclosed:

Medium

Weakness: Privilege Escalation

Frameset(Frame) html tag is allowed in html editor.(can lead to clickjacking)

Reported by: na5ne3t | Disclosed:

Low

Weakness: UI Redressing (Clickjacking)

Page 1 of 3 Next