it's is a p3 bug you check this is bugcrowd vrt(vulnerability-rating-taxonomy)

None

check some hackerone repots

Hiro disclosed on HackerOne: EXIF Geolocation Data Not Stripped...

The Blockstack Browser does not strip EXIF data on avatar uploads.

hackerone.com

GitLab disclosed on HackerOne: EXIF metadata not stripped from JPG...

Note that this report was submitted 2 ago and reports related to EXIF metadata not being stripped aren't accepted…

hackerone.com

now lets see how can we find this bug..

first go to your target website and create an account

after login and go to your profile upload an image to your profile

None

after copy that image like shown in the below image

None

after copying that image

go to this website : https://jimpl.com/

paste that image url like this

None

if it's show location and some other sensitive information

None

if you found like this congrats it's a chance to get paid

some other websites to check exit metadata

https://pics.io/photo-metadata-viewer

Online EXIF Viewer

Secure online EXIF viewer tool, perfect for viewing image and meta data including GPS location, camera make/model and…

onlineexifviewer.com

EXIF / File Metadata Viewer

EXIF.tools runs exiftool to extract all metadata about an uploaded or internet-located object. Exif.tools is not…

exif.tools

EXIF Data Viewer

EXIF is short for Exchangeable Image File, a format that is a standard for storing interchange information in digital…

exifdata.com

thankyou…

JAISHREERAM