Khan Academy: HTML injection on khanacademy

2015-08-20T08:05:27
ID H1:83604
Type hackerone
Reporter manish_prajapat
Modified 2015-12-14T03:48:53

Description

There is an HTML injection vulnerability in khanacademy. Affected parameter: "linkSuccess="

Steps to reproduce:

1. First, open your account on khanacademy.
2. Enter the link in the URL box: http://khanacademy.org/settings/account?linkSuccess=
3. Set any text after "=" (e.g. http://khanacademy.org/settings/account?linkSuccess=hello world)
4. Hit enter.
5. You see......

I have attached a PoC video in this report.
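
An added example, not part of the original report and not Khan Academy's code: it shows a reflected `linkSuccess` value concatenated into markup next to the same render with output encoding, plus a regression check a defender can run against either. The report does not say how the page renders the value, so the server-side banner, the `<div class="banner">` markup, all function names and the second sample URL are assumptions.

```python
# Added illustration; not Khan Academy's code. The banner markup and every
# function name here are hypothetical.
from html import escape
from urllib.parse import urlsplit, parse_qs

# Sample inputs: the first is the URL from the report, the second is constructed.
PLAIN_URL = "http://khanacademy.org/settings/account?linkSuccess=hello world"
MARKUP_URL = ("http://khanacademy.org/settings/account"
              "?linkSuccess=%3Ch1%3ENotice%3C%2Fh1%3E")


def link_success_value(url):
    """Return the decoded linkSuccess query value, or None if it is absent."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    values = query.get("linkSuccess")
    return values[0] if values else None


def render_banner_unsafe(url):
    """'Before': the request value is concatenated into the page unencoded."""
    value = link_success_value(url)
    return "" if value is None else '<div class="banner">' + value + "</div>"


def render_banner_safe(url):
    """'After': the value is HTML-encoded for an element-content context."""
    value = link_success_value(url)
    if value is None:
        return ""
    return '<div class="banner">' + escape(value, quote=True) + "</div>"


def injects_markup(rendered, raw_value):
    """Regression check: True if a value containing HTML metacharacters
    reaches the rendered page byte-for-byte, i.e. as live markup."""
    return raw_value != escape(raw_value) and raw_value in rendered


if __name__ == "__main__":
    for url in (PLAIN_URL, MARKUP_URL):
        raw = link_success_value(url)
        for render in (render_banner_unsafe, render_banner_safe):
            print(render.__name__, repr(raw), injects_markup(render(url), raw))
```

Plain text such as "hello world" renders identically in both versions, which is why a test input for this class of bug needs to contain HTML metacharacters.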