Khan Academy - HackerOne Reports
Total Reports: 47
Critical: 6
High: 15
Medium: 16
Low: 7
Sensitive information/action is stored/done using a GET request
Reported by: saurabhb | Disclosed:
Weakness: Cross-Site Request Forgery (CSRF)
Enumerate all the class codes via Google dorking
Reported by: renganathan | Disclosed:
Severity: High
Weakness: Improper Access Control - Generic
The web app's forgot password page is vulnerable to text injection/content spoofing
Reported by: saurabhb | Disclosed:
Weakness: Command Injection - Generic
Creating Unlimited Fake Accounts.
Reported by: sameerphad72 | Disclosed:
Severity: Medium
Unauthorized Account Access via Leaked Credentials in URL Format (Account Takeover)
Reported by: firec4t | Disclosed:
Severity: Critical
Weakness: Cleartext Storage of Sensitive Information
Weak Birthdate Validation Implemented on Sign Up
Reported by: paranoidglitch | Disclosed:
Severity: Low
Weakness: Violation of Secure Design Principles
Users can make accounts with a fake email address.
Reported by: httpsguy | Disclosed:
Severity: Low