Coursera


6 total issues disclosed

$0 total paid publicly


Most disclosed (2 disclosures) — Cross-site Scripting (XSS) - Generic

View disclosed reports



Disclosed Reports


Report Title Vulnerability Type Disclosed By Severity Disclosed on
No Password Verification on Changing Email Address Cause Account takeover Violation of Secure Design Principles nohack Medium 2018-05-19
[www.coursera.org] Leaking password reset link on referrer header Violation of Secure Design Principles flex0geek None 2018-02-14
XSS Stored Cross-site Scripting (XSS) - Generic pain_ Medium 2018-01-12
Stored XSS via transloadit.com and imageproxy Cross-site Scripting (XSS) - Stored c0rdis High 2017-11-30
XSS in https://www.coursera.org/courses/ Cross-site Scripting (XSS) - Generic secalert No rating 2016-09-14
Broken authentication and session management flaw Improper Authentication - Generic babayaga_ No rating 2016-08-18