CSV Injection Via Student Password/Name Leads To Client Side RCE And Reading Client Files
Medium
Khan Academy
Team Summary
Official summary from Khan Academy
Insufficient CSV escaping could result in our site generating an unsafe CSV file for an end user under certain conditions. See the reporter's summary for more.
Reported by: demonia
Report Details
Additional information and metadata
State: Closed
Substate: Resolved
Submitted
Weakness: Code Injection