Udemy


35 total issues disclosed

$2,325 total paid publicly


Most disclosed (8 disclosures) — Cross-site Scripting (XSS) - Generic




Disclosed Reports


| Report Title | Vulnerability Type | Disclosed By | Severity | Disclosed on |
|---|---|---|---|---|
| [engineering.udemy.com] - Subdomain Takeover (ghost.io) | Improper Access Control - Generic | kazan71p | Low | 2018-06-28 |
| Subdomain Takeover (and Stored XSS) via Trailing Dot at https://coding-exercises.udemy.com | None supplied | cha5m | None | 2018-05-10 |
| Weak Password | Violation of Secure Design Principles | firestone | None | 2017-08-29 |
| CSRF Token Design Flaw | Cross-Site Request Forgery (CSRF) | hdarji | None | 2017-08-29 |
| No password length restriction | Weak Cryptography for Passwords | alirazzaq4 | None | 2017-08-29 |
| Violation of secure design principle | Violation of Secure Design Principles | kaushalag29 | None | 2017-08-17 |
| CSRF Token | Cross-Site Request Forgery (CSRF) | hi_man | No rating | 2017-08-17 |
| Content Spoofing in udemy | Violation of Secure Design Principles | csanuragjain | Low | 2017-07-23 |
| Completed Compromise & Source Code Disclosure via Exposed Jenkins Dashboard at https://jenkins101.udemy.com | Code Injection | cha5m | High | 2017-06-17 |
| sweet32 | Cryptographic Issues - Generic | doglife | None | 2017-05-04 |
| Showing Up Source Code | None supplied | kashif | No rating | 2017-05-04 |
| Subdomain Takeover at Landing.udemy.com | Privilege Escalation | ak_1337 | Low | 2017-03-30 |
| Able to view others' gifts on /gift/share URL, giftId is predictable, and easy to manipulate | Improper Authentication - Generic | caffeinewriter | No rating | 2017-03-26 |
| Critical : Malware and XSS file can be uploaded and executed on udemy | Cross-site Scripting (XSS) - Generic | csanuragjain | No rating | 2017-01-11 |
| CSRF in Udemy.com | Cross-Site Request Forgery (CSRF) | c1231665 | No rating | 2017-01-11 |
| Csrf on creating course | Cross-Site Request Forgery (CSRF) | oldc4u53 | No rating | 2017-01-10 |
| Jenkins | None supplied | top | High | 2017-01-10 |
| Udemy s3 storage can be used by an attacker personal website because of missing CSRF Token | Cross-Site Request Forgery (CSRF) | csanuragjain | No rating | 2017-01-05 |
| AWS S3 bucket writable for authenticated aws user | Improper Authentication - Generic | dpgribkov | No rating | 2017-01-05 |
| NON VALIDATION OF SESSIONS AFTER PASSWORD CHANGE | Improper Authentication - Generic | w3b7ricks73r | No rating | 2016-09-17 |
| Ability to add pishing links in discusion ," Bypassing uneductional Links add " | Information Disclosure | zeyadk | No rating | 2016-07-09 |
| Stored XSS at Udemy | Cross-site Scripting (XSS) - Generic | ankitsingh | No rating | 2016-05-27 |
| Authentication Data are not Clearing | Improper Authentication - Generic | khalifah | No rating | 2016-04-13 |
| Reflected XSS and/or malicious redirection via JWPlayer 6 configuration modification | Cross-site Scripting (XSS) - Generic | decay | No rating | 2016-02-24 |
| Misconfigured SPF Record Flag | Violation of Secure Design Principles | geekboy | No rating | 2016-02-23 |
| Stored XSS | Cross-site Scripting (XSS) - Generic | manish121 | No rating | 2016-02-23 |
| information disclosure | Information Disclosure | shekhar93 | No rating | 2016-02-07 |
| leak receipt of another user | Information Disclosure | adrianbelen | No rating | 2015-11-13 |
| XSS Vulnerability | Cross-site Scripting (XSS) - Generic | robd4k | No rating | 2015-11-09 |
| XSS on https://www.udemy.com/asset/export.html | Cross-site Scripting (XSS) - Generic | adrianbelen | No rating | 2015-10-08 |
| Extremely high Course rating values could be set in order to make really high Average rating of the course. Negative values could be set to. | Violation of Secure Design Principles | decay | No rating | 2015-09-26 |
| xss profile | Cross-site Scripting (XSS) - Generic | x1622 | No rating | 2015-07-17 |
| xss on autoserch | Cross-site Scripting (XSS) - Generic | adrianbelen | No rating | 2015-07-09 |
| Multiple sub domain are vulnerable because of leaking full path | Information Disclosure | msarmad | No rating | 2015-06-25 |
| teach.udemy.com log poison vulnerability through wordpress debug.log being publically available | Code Injection | mthirup | No rating | 2015-06-09 |