Public Khan Academy bug reports.

Team Bounty Title
Khan Academy - Weak Bithdate Validation Implemented on Sign Up
Khan Academy - Password Functionality not working correctly
Khan Academy - No Security check at changing password and at adding mobile number which leads to account takeover and spam
Khan Academy - SSL/TLS Vulnerability at khanacademy.org
Khan Academy - OPEN URL REDIRECT through PNG files
Khan Academy - The web app's forgot password page is vulnerable to text injection/content spoofing
Khan Academy - XSS vulnerability in "/coach/roster/" ( create your first class)
Khan Academy - Escaping the iframe via exceptions
Khan Academy - Html injection on khanacademy
Khan Academy - Sql injection And XSS
Khan Academy - Unchecking hidden parameter is vulnerable to XSS-attack
Khan Academy - CRLF Injection
Khan Academy - Suffix of url-path is vulnerable to XSS-attack
Khan Academy - XSS at http://smarthistory.khanacademy.org
Khan Academy - Open Redirection in SmartHistory KhanAcademy
Khan Academy - Weak Ciphers Enabled
Khan Academy - Persistent class XSS [the fuck]
Khan Academy - https://www.khanacademy.org/coach/reports/activity XSS
Khan Academy - CSRF - Adding/Removing items to cart - shop.khanacademy.org
Khan Academy - User guessing/enumeration at sw.khanacademy.org
Khan Academy - Lighttpd version disclosure / directory listing
Khan Academy - Possible clickjacking at shop.khanacademy.org
Khan Academy - Stored XSS {dangerous?} https://www.khanacademy.org/coach/roster/?listId=allStudents
Khan Academy - Full Path Disclosure on [smarthistory.khanacademy.org]
Khan Academy - https://www.khanacademy.org/login open-redirect
Khan Academy - Dom based XSS https://www.khanacademy.org/
Khan Academy - http://smarthistory.khanacademy.org/search-results.html XSS