Stored XSS {dangerous?} https://www.khanacademy.org/coach/roster/?listId=allStudents

Disclosed: 2014-04-09 17:00:08 By smiegles To khanacademy
Vulnerability Details
Hi,

When you go to https://www.khanacademy.org/coach/roster/?listId=allStudents and press on add class you have the possibility to add a class (obvious). When you name it "><img src=x onerror=alert(4)> it will stay persistent. Quite dangerous.

Best regards,
Olivier Beg
Report Stats
  • Report ID: 6369
  • State: Closed
  • Substate: resolved
  • Upvotes: 3
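
Added example, not part of the original report and not Khan Academy's code: a sketch of the output-encoding fix for this class of bug, plus a check for names that were already stored. It assumes the class name is written into a double-quoted HTML attribute (suggested by the leading "> in the reported name); the function names, the markup and the sample names other than the reported one are constructed for illustration.

```javascript
// The class name from the report, as it would sit in storage.
const reportedName = '"><img src=x onerror=alert(4)>';

// Assumed vulnerable pattern: the stored name is concatenated into markup as-is.
function renderClassUnsafe(name) {
  return '<input class="class-name" value="' + name + '">';
}

// Encode the characters that can end a quoted attribute or start a tag.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hardened pattern: encode at output time, every time the name is rendered.
function renderClassSafe(name) {
  return '<input class="class-name" value="' + escapeHtml(name) + '">';
}

// Regression helper: number of HTML tags in the rendered fragment.
// One class name should always produce exactly one <input>.
function countTags(html) {
  return (html.match(/<[a-zA-Z][^>]*>/g) || []).length;
}

// Because the payload is persistent, fixing the renderer is not enough on
// its own: names saved before the fix should be reviewed. This flags stored
// names containing characters that can close the attribute or open a tag.
function findSuspectNames(names) {
  return names.filter((name) => /[<>"']/.test(name));
}

// Constructed sample of stored class names.
const storedNames = ['Period 3 - Algebra', 'Math & Science', reportedName];

console.log(renderClassUnsafe(reportedName)); // two tags: <input> and <img>
console.log(renderClassSafe(reportedName));   // one tag, name shown as text
console.log(findSuspectNames(storedNames));
```

The flagged names are candidates for review, not proof of abuse; the encoding in renderClassSafe is what keeps them inert when displayed.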