Critical : Malware and XSS file can be uploaded and executed on udemy
U
Udemy
Submitted None
Team Summary
Official summary from Udemy
The investigator found that he can upload any file type to our upload bucket. That is intended behavior - file content is enforced before moving it out of our upload bucket.
Actions:
Reported by
csanuragjain
Report Details
Additional information and metadata
State
Closed
Substate
Informative
Submitted
Weakness
Cross-site Scripting (XSS) - Generic