
Information Disclosure - Sensitive Information in Browser sessionStorage

  • Risk: Low
  • Type: Client Passive

Summary
Sensitive information appears to have been stored in browser sessionStorage. This can violate PCI and most organizational compliance policies. For more details, see the Client tabs: this information was set directly in the browser and will therefore not necessarily appear in this form in any HTTP(S) messages.
Solution
Do not store sensitive information in browser storage.
Other info
The following data (key=value) was set which matches the pattern for email addresses:

key=value

Note that alerts will only be raised once for each URL + key.
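
A self-audit for the condition this alert describes, as an added example that is not the scanner's own code: it walks a Storage-like object, flags values that match an email pattern, and reports each URL + key pair only once. The regex, function names and sample data are assumptions made for illustration.

```javascript
// Added example: the email regex and all names here are assumptions,
// not the pattern or code used by the scanner that raises this alert.
const EMAIL_RE = /[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+/;

// Minimal Storage-like stand-in so the audit also runs outside a browser.
function makeStorage(obj) {
  const keys = Object.keys(obj);
  return {
    get length() { return keys.length; },
    key: (i) => (i < keys.length ? keys[i] : null),
    getItem: (k) => (Object.prototype.hasOwnProperty.call(obj, k) ? obj[k] : null),
  };
}

// Stored values are often JSON blobs or URL-encoded; check both forms.
function candidates(value) {
  const out = [value];
  try { out.push(decodeURIComponent(value)); } catch (_) { /* malformed % sequence */ }
  return out;
}

// Returns findings, reporting each URL + key pair at most once via `seen`.
function auditStorage(url, storage, seen = new Set()) {
  const findings = [];
  for (let i = 0; i < storage.length; i++) {
    const key = storage.key(i);
    const value = String(storage.getItem(key));
    const dedupe = `${url}\u0000${key}`;
    if (seen.has(dedupe)) continue;
    if (candidates(value).some((v) => EMAIL_RE.test(v))) {
      seen.add(dedupe);
      // Record the key only, so the sensitive value is not copied into logs.
      findings.push({ url, key, type: "email" });
    }
  }
  return findings;
}

// Constructed sample data.
const sample = makeStorage({
  theme: "dark",
  profile: JSON.stringify({ name: "A. User", email: "a.user@example.com" }),
  returnTo: "/login?u=b.user%40example.org",
});
```

In a browser, pass `window.sessionStorage` and `location.href` instead of the constructed sample, for instance from an end-to-end test that fails when any finding is returned.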