57 matches found

EUVD, added 2025/10/07 12:30 a.m., 7 views

EUVD-2019-0428

Malware in sbrugna...

CVSS 6.1, AI score 6.1, EPSS 0.01274, Exploits 0, References 16
Hacker One, added 2025/04/18 4:11 p.m., 13 views

Khan Academy: Leaked reused password for a few Khan Academy users

A large number of Khan Academy user credentials, including emails and passwords, were exposed through a Telegram bot. The exact source of the leaked data is unknown, but the volume of exposed information was substantial...

AI score 6.9, Exploits 0
Hacker One, added 2025/04/07 12:55 p.m., 864 views

Khan Academy: Unauthorized Account Access via Leaked Credentials in URL Format (Account Takeover)

The vulnerability allowed attackers to access user accounts on khanAcademy.com using leaked credentials that were publicly available. The credentials were found in clear text format on a third-party website. By entering the email and password, the attacker could perform an account takeover withou...

AI score 7, Exploits 0
Hacker One, added 2024/11/18 8:39 a.m., 105 views

Khan Academy: XSS using the legacy "Graphie To Png" API

The legacy "Graphie To Png" API was vulnerable to exploitation. An attacker could upload malicious graphies that included harmful SVG and JSON data. The SVG contained an onload attribute that executed arbitrary JavaScript. The JSON data modified the content of labels, causing the graphie renderer...

AI score 7.3, Exploits 0
Hacker One, added 2023/10/31 8:09 p.m., 29 views

Khan Academy: Text Injection / Content Spoofing on https://cloud.e.khanacademy.org by breaking out of input tag

A vulnerability was discovered on https://cloud.e.khanacademy.org that allowed text injection via breaking out of an input tag. By inserting a closing angle bracket in a parameter value, an attacker could inject arbitrary text that would be reflected on the page, enabling phishing attacks. The...

AI score 7.2, Exploits 0
Hacker One, added 2022/07/14 8:35 a.m., 15 views

Khan Academy: Email Verification Bypass Allows Users to Add & Verify Any Email as Guardian's Email

1. Go to https://www.khanacademy.org/signup and sign up as a learner, keeping the date of birth below 13 years. F1821117 2. Now enter the victim's email as the parent's email (for example, here I am entering [email protected] as the parent's email) and click on sign up. ████ 3. Now you will see the following message: "Your...

AI score 1.2, Exploits 0
Hacker One, added 2021/08/06 10:50 a.m., 17 views

Khan Academy: The endpoint /api/internal/graphql/requestAuthEmail on khanacademy.org is vulnerable to a race condition attack.

Summary: The endpoint /api/internal/graphql/requestAuthEmail on www.khanacademy.org is vulnerable to a race condition attack. That may cause a random e-mail user to receive a large number of emails to finish signing up for Khan Academy with invalid links. The attack is because your web...

AI score 7, Exploits 0
Hacker One, added 2021/06/26 2:47 a.m., 7 views

Khan Academy: Client Side string length check

A client-side string length check vulnerability allowed an attacker to save excessively long strings in the "Class Settings" page on khanacademy.org, potentially causing various issues such as content manipulation, page template breaking, and crashing for low-memory visitors...

AI score 7, Exploits 0
Hacker One, added 2021/05/29 2:29 a.m., 36 views

Khan Academy: Bypass the fix of report #1078283 due to poor validation

Hi Khan Academy Team, I was able to bypass the fix you implemented for report 1078283. The URL validation you implemented on the continue endpoint checks for the presence of khanacademy.org; however, it doesn't have any boundary checking to ignore domains starting with .org, so if an attacker registers ...

AI score 0.7, Exploits 0
Hacker One, added 2021/05/26 4:19 p.m., 15 views

Khan Academy: Enumerate all the class codes via Google dorking

I used this particular Google dork, site:khanacademy.org/join/, to enumerate all the links for joining classes. 1. Go to Google and use the above query to enumerate all of them. 2. Create the student account by filling in all the required details. 3. Now you're in the class without actually being invite...

AI score 2.4, Exploits 0
Hacker One, added 2020/11/22 9:12 a.m., 128 views

Khan Academy: Login page vulnerable to brute-force attacks via rate limiting bypass

SUMMARY: This report consists of two vulnerabilities. 1st vulnerability: I found out that there is rate limiting in place after 25 failed attempts. Now that is good, but when I use another email address to brute-force, the rate limit didn't carry over to the new email. This may look like a minor issu...

AI score 1.1, Exploits 0
Hacker One, added 2020/07/26 5:36 p.m., 130 views

Khan Academy: CSV Injection via Student Password/Name Leads to Client-Side RCE and Reading Client Files

Insufficient CSV escaping could result in our site generating an unsafe CSV file for an end user under certain conditions. See the reporter's summary for more. Two CSV injection issues were discovered in Khan's teacher CSV export function that could allow client-side remote code execution, and...

AI score 0.3, Exploits 0
Hacker One, added 2020/05/07 3:16 p.m., 15 views

Khan Academy: Unauthorised Account Detail Modification

Introduction: Hi, 5kyw41k3r here. I found an Unauthorised Account Detail Modification in the KA website... Definition: It is a flaw which allows a malicious actor to modify the details of an account. I have included a video made by me for demonstration purposes using a test...

AI score 0.8, Exploits 0
Hacker One, added 2019/07/12 4:29 p.m., 74 views

Khan Academy: RTL override character allowed on the Khan Academy redirect page

Summary: An attacker can embed an RTLO character in the following URL, https://www.khanacademy.org/computer-programming/linkredirector?url=, to trick the user into downloading suspicious files. Steps to reproduce: Visit https://www.khanacademy.org/computer-programming/linkredirector?url= and add the following paylo...

AI score 6.9, Exploits 0
Hacker One, added 2019/07/10 5:57 p.m., 19 views

Khan Academy: Khan Academy Clickjacking to Steal Users' Credentials

DESCRIPTION: 1. It asks to log in to https://alerta.khanacademy.org with a Google account. 2. It doesn't give access to any normal user. 3. That's why, after trying to log in with a Google account, it shows an error message prompt with the user's sensitive information, including email, code/access token and clie...

AI score 0.9, Exploits 0
ThreatPost, added 2019/05/22 5:44 p.m., 104 views

Critical Flaws in Khan Academy Opened Door to Account Takeovers

Two critical cross-site request forgery (CSRF) flaws in educational non-profit Khan Academy's website may have affected some users by allowing account takeover. Khan Academy, a non-profit learning organization, produces short lessons in the form of videos that can be accessed online. The two critic...

AI score 0.1, Exploits 0, References 5
Hacker One, added 2019/04/25 7:08 p.m., 24 views

Khan Academy: Users can make accounts with a fake email address.

A valid email address is not required to create a Khan Academy account. We do not consider this a security vulnerability...

AI score 4, Exploits 0
NVD, added 2019/04/09 2:29 a.m., 10 views

CVE-2019-9844

simple-markdown.js in Khan Academy simple-markdown before 0.4.4 allows XSS via a data: or vbscript: URI...

CVSS 6.1, AI score 5.9, EPSS 0.01274, Exploits 0, References 5
OSV, added 2019/04/09 2:29 a.m., 18 views

CVE-2019-9844

simple-markdown.js in Khan Academy simple-markdown before 0.4.4 allows XSS via a data: or vbscript: URI...

CVSS 6.1, AI score 5.5, Exploits 0, References 5
CNVD, added 2019/03/18 12:00 a.m., 2 views

simple-markdown cross-site scripting vulnerability

simple-markdown is a simple, extensible Markdown-like parser. A cross-site scripting vulnerability exists in simple-markdown.js in Khan Academy simple-markdown versions prior to 0.4.4. The vulnerability can be exploited to conduct cross-site scripting attacks via the data: or vbscript: URI...

CVSS 6.1, AI score 6.3, EPSS 0.01274, Exploits 0, References 1