Khan Academy: Stored XSS {dangerous?} https://www.khanacademy.org/coach/roster/?listId=allStudents

2014-04-07T23:30:32
ID H1:6369
Type hackerone
Reporter smiegles
Modified 2014-04-09T17:00:08

Description

Hi,

when you go to https://www.khanacademy.org/coach/roster/?listId=allStudents and press on add class you have the possebility to add a class (obvious). when you name it "><img src=x onerror=alert(4)> it will stay persistent.

quite dangerous

Best regards,

Olivier Beg