Reports in the Khan Academy program:

| S.No | Title | Bounty |
|------|-------|--------|
| 1 | OPEN URL REDIRECT through PNG files | $0.0 |
| 2 | No security check at changing password and at adding mobile number, which leads to account takeover and spam | $0.0 |
| 3 | SSL/TLS Vulnerability at khanacademy.org | $0.0 |
| 4 | The web app's forgot password page is vulnerable to text injection/content spoofing | $0.0 |
| 5 | Password Functionality not working correctly | $0.0 |
| 6 | Weak Birthdate Validation Implemented on Sign Up | $0.0 |
| 7 | Possible to join any class without coach's knowledge & Little Information Disclosure | $0.0 |
| 8 | Frameset (Frame) HTML tag is allowed in HTML editor (can lead to clickjacking) | $0.0 |
| 9 | [critical] SQL injection by GET method | $0.0 |
| 10 | XSS through document projects | $0.0 |
| 11 | Rate Limitation Vulnerability (DDoS) | $0.0 |
| 12 | CSRF token fixation and potential account takeover | $0.0 |
| 13 | Possible Subdomain Takeover | $0.0 |
| 14 | Stored 'undefined' Cross-site Scripting | $0.0 |
| 15 | SignUp With Fake Email | $0.0 |
| 16 | POST XSS in https://www.khanacademy.org.tr/ via page_search_query parameter | $0.0 |
| 17 | Possible Take Over Subdomain For Inbound Emails | $0.0 |
| 18 | Cross site scripting (content-sniffing) | $0.0 |
| 19 | Creating Unlimited Fake Accounts | $0.0 |
| 20 | Users can make accounts with a fake email address | $0.0 |
| 21 | Account takeover by changing email | $0.0 |
| 22 | Take over of accounts created using Google or Facebook | $0.0 |
| 23 | https://mathfacts.khanacademy.org/ includes code from unprivileged localhost port | $0.0 |
| 24 | Cross-Site Request Forgery (CSRF) vulnerability on API endpoint allows account takeovers | $0.0 |
| 25 | Sensitive information/action is stored/done using a GET request | $0.0 |
| 26 | RTL override char allowed at khanacademy redirect page | $0.0 |
| 27 | Subdomain takeover on healthyhackathon.khanacademy.org and hackweek.khanacademy.org | $0.0 |
| 28 | Information can be changed without a password | $0.0 |
| 29 | Unauthorised Account Detail Modification | $0.0 |
| 30 | CSV Injection Via Student Password/Name Leads To Client Side RCE And Reading Client Files | $0.0 |
| 31 | Login page vulnerable to bruteforce attacks via rate limiting bypass | $0.0 |
| 32 | Password authentication when changing information bypass. Bypass of report #721341 | $0.0 |
| 33 | Khan Academy ClickJacking to Steal Users' Credentials | $0.0 |
| 34 | Bypass the fix of report #1078283 due to poor validation | $0.0 |
| 35 | Enumerate all the class codes via Google dorking | $0.0 |
| 36 | Access to alerta.khanacademy.org leaks sensitive data | $0.0 |
| 37 | EMAIL SPOOFING | $0.0 |
| 38 | The endpoint /api/internal/graphql/requestAuthEmail on Khanacademy.or is vulnerable to Race Condition Attack | $0.0 |
| 39 | Enumerate class codes via Yahoo dork - Can access any course under teacher - Sensitive information leaked | $0.0 |
| 40 | Email Verification Bypass Allows Users to Add & Verify Any Email As Guardian's Email | $0.0 |
| 41 | XSS due to incorrect handling of postMessages | $0.0 |
| 42 | S3 bucket takeover [learn2.khanacademy.org] | $0.0 |
| 43 | Client Side string length check | $0.0 |
| 44 | Text Injection/Content Spoofing on https://cloud.e.khanacademy.org by breaking out of input tag | $0.0 |