Coursera


reports in last 90 days

6

disclosed resolved issues

0

disclosed informative issues

0

disclosed N/A issues

Listed on HackerOne — Updated on 2019/10/15

Bug Title Bug Type Found By Report Info Report Status

Medium No Password Verification on Changing Email Address Cause Account takeover

Violation of Secure Design Principles nohack Time to triage: 0 Days and 0 hours


Time to close: 138 Days and 20 hours
Resolved

None [www.coursera.org] Leaking password reset link on referrer header

Violation of Secure Design Principles flex0geek Time to triage: 1 Days and 3 hours


Time to close: 5 Days and 20 hours
Resolved

Medium XSS Stored

Cross-site Scripting (XSS) - Generic pain_ Time to triage: 3 Days and 0 hours


Time to close: 7 Days and 1 hours
Resolved

High Stored XSS via transloadit.com and imageproxy

Cross-site Scripting (XSS) - Stored c0rdis Time to triage: 13 Days and 19 hours


Time to close: 203 Days and 3 hours
Resolved

No rating XSS in https://www.coursera.org/courses/

Cross-site Scripting (XSS) - Generic secalert Time to triage: 0 Days and 0 hours


Time to close: 0 Days and 5 hours
Resolved

No rating Broken authentication and session management flaw

Improper Authentication - Generic babayaga_ Time to triage: 0 Days and 8 hours


Time to close: 0 Days and 0 hours
Resolved