Khan Academy: Html injection on khanacademy

ID H1:83604
Type hackerone
Reporter manish_prajapat
Modified 2015-12-14T03:48:53


There's an HTML Injection Vulnerability exists in khanacademy . Affected parameters "linkSuccess="

Steps to reproduce: 1. first open your account on khanacademy. 2.enter the link in the url box. 3.set any text after "=" (eg. world) 4.hit enter . 5 you see......

i have attach a poc video in this report.