Khan Academy - HackerOne Reports
Total Reports: 47 | Critical: 6 | High: 15 | Medium: 16 | Low: 7
Text Injection / Content Spoofing on https://cloud.e.khanacademy.org by breaking out of input tag.
Reported by: grassye | Disclosed: | Severity: Low | Weakness: Violation of Secure Design Principles
[critical] sql injection by GET method
Reported by: securitygab | Disclosed: | Severity: High | Weakness: SQL Injection
CSRF token fixation and potential account takeover
Reported by: co0nan | Disclosed: | Severity: Medium | Weakness: Violation of Secure Design Principles
Enumerate class codes via yahoo dork - Can access any course under teacher - Sensitive information leaked
Reported by: bughunterpol | Disclosed: | Severity: High | Weakness: Information Disclosure
POST XSS in https://www.khanacademy.org.tr/ via page_search_query parameter
Reported by: miguel_santareno | Disclosed: | Severity: Medium | Weakness: Cross-site Scripting (XSS) - Generic
Cross-Site Request Forgery (CSRF) vulnerability on API endpoint allows account takeovers
Reported by: rlaneth | Disclosed: | Severity: High | Weakness: Cross-Site Request Forgery (CSRF)
xss due to incorrect handling of postmessages
Reported by: moom825 | Disclosed: | Severity: Critical | Weakness: Cross-site Scripting (XSS) - DOM
https://mathfacts.khanacademy.org/ includes code from unprivileged localhost port
Reported by: hanno | Disclosed: | Severity: Medium | Weakness: Code Injection
Bypass the fix of report #1078283 due to poor validation
Reported by: wlucenasec | Disclosed: | Severity: High | Weakness: Open Redirect
XSS through document projects
Reported by: ethanluismcdonough | Disclosed: | Severity: High | Weakness: Cross-site Scripting (XSS) - Stored
Subdomain takeover on healthyhackathon.khanacademy.org and hackweek.khanacademy.org
Reported by: katsuragicsl | Disclosed: | Severity: High | Weakness: Improper Access Control - Generic
Khan Academy ClickJacking to Steal Users' Credentials
Reported by: hack_im | Disclosed:
SSL/TLS Vulnerability at khanacademy.org
Reported by: hack40077 | Disclosed: | Severity: High | Weakness: Cryptographic Issues - Generic | CVEs: CVE-2016-2183
No Security check at changing password and at adding mobile number which leads to account takeover and spam
Reported by: mohith_kalyan | Disclosed: | Severity: Medium | Weakness: Violation of Secure Design Principles
CSV Injection Via Student Password/Name Leads To Client Side RCE And Reading Client Files
Reported by: demonia | Disclosed: | Severity: Medium | Weakness: Code Injection
Possible to join any class without coach's knowledge & Little Information Disclosure
Reported by: muztahidultan1m | Disclosed: | Severity: Medium | Weakness: Business Logic Errors
Possible Take Over Subdomain For Inbound Emails
Reported by: rootbakar___ | Disclosed: | Severity: Medium
Stored 'undefined' Cross-site Scripting
Reported by: rootbakar___ | Disclosed: | Severity: Medium | Weakness: Cross-site Scripting (XSS) - Stored
SignUp With Fake Email
Reported by: rootbakar___ | Disclosed: | Severity: Medium | Weakness: Business Logic Errors
Possible Subdomain Takeover
Reported by: avileox | Disclosed: | Severity: Medium