Public Udemy bug reports.

| Team | Bounty | Title |
|---|---|---|
| Udemy | - | No password length restriction |
| Udemy | - | CSRF Token |
| Udemy | - | Violation of secure design principle |
| Udemy | - | Weak Password |
| Udemy | - | sweet32 |
| Udemy | - | CSRF Token Design Flaw |
| Udemy | $50 | Subdomain Takeover at |
| Udemy | $300 | Completed Compromise & Source Code Disclosure via Exposed Jenkins Dashboard at |
| Udemy | $200 | Jenkins |
| Udemy | $50 | Content Spoofing in udemy |
| Udemy | - | Udemy s3 storage can be used by an attacker's personal website because of missing CSRF Token |
| Udemy | - | Critical : Malware and XSS file can be uploaded and executed on udemy |
| Udemy | - | CSRF on creating course |
| Udemy | - | Showing Up Source Code |
| Udemy | $50 | Stored XSS at Udemy |
| Udemy | - | AWS S3 bucket writable for authenticated aws user |
| Udemy | $150 | Session Takeover vulnerability |
| Udemy | $150 | Able to view others' gifts on /gift/share URL, giftId is predictable, and easy to manipulate |
| Udemy | - | Stored XSS |
| Udemy | $25 | CSRF in |
| Udemy | - | Reflected XSS and/or malicious redirection via JWPlayer 6 configuration modification |
| Udemy | $100 | XSS Vulnerability |
| Udemy | $50 | information disclosure |
| Udemy | $150 | Extremely high Course rating values could be set in order to make really high Average rating of the course. Negative values could be set too. |
| Udemy | $150 | Multiple subdomains are vulnerable because of leaking full path |
| Udemy | $100 | XSS on |
| Udemy | $100 | Ability to add phishing links in discussion, "Bypassing uneducational Links add" |
| Udemy | $150 | leak receipt of another user |
| Udemy | $100 | XSS on autosearch |
| Udemy | - | Misconfigured SPF Record Flag |
| Udemy | $150 | log poison vulnerability through WordPress debug.log being publicly available |
| Udemy | $150 | XSS profile |