Information Disclosure - Sensitive Information in Browser sessionStorage
- Risk: Low
- Type: Client Passive
- CWE: CWE-200
- Summary
Sensitive information appears to have been stored in browser sessionStorage. This can violate PCI and most organizational compliance policies.
For more details see the Client tabs - this information was set directly in the browser and will therefore not necessarily appear in this form in any HTTP(S) messages.
- Solution
Do not store sensitive information in browser storage.
- Other info
- The following data (key=value) was set, which matches the pattern for email addresses: key=value. Note that alerts will only be raised once for each URL + key.
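
The check described above can be reproduced during a client-side review. This is an added example, not the scanner's own code: it walks a Storage-like object, flags values matching an email pattern (including ones nested inside JSON-serialized values), masks the match, and reports each URL + key once. The regex, function names and sample data are assumptions constructed for illustration.

```javascript
// Added example. EMAIL_RE, mask, leaves, scanStorage, fakeStorage are hypothetical names.
const EMAIL_RE = /[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)*\.[A-Za-z]{2,}/;

// Mask the match so the audit report does not itself leak the value.
function mask(email) {
  const [local, domain] = email.split("@");
  return local[0] + "***@" + domain;
}

// Collect string leaves; values that parse as JSON are walked recursively,
// because applications often store serialized objects under a single key.
function leaves(value, path, out) {
  if (typeof value === "string") {
    try {
      const parsed = JSON.parse(value);
      if (parsed !== null && typeof parsed === "object") return leaves(parsed, path, out);
    } catch (_) { /* plain string, not JSON */ }
    out.push([path, value]);
  } else if (value !== null && typeof value === "object") {
    for (const [k, v] of Object.entries(value)) leaves(v, path + "." + k, out);
  }
  return out;
}

// storage: anything with length, key(i) and getItem(k), e.g. window.sessionStorage.
// seen: Set shared across calls so each URL + key is reported only once.
function scanStorage(storage, url, seen = new Set()) {
  const findings = [];
  for (let i = 0; i < storage.length; i++) {
    const key = storage.key(i);
    const id = url + " " + key;
    if (seen.has(id)) continue;
    const hit = leaves(storage.getItem(key), key, [])
      .map(([path, text]) => ({ path, m: EMAIL_RE.exec(text) }))
      .find((c) => c.m);
    if (!hit) continue;
    seen.add(id);
    findings.push({ url, key, path: hit.path, sample: mask(hit.m[0]) });
  }
  return findings;
}

// Constructed sample data standing in for a page's sessionStorage.
function fakeStorage(obj) {
  const keys = Object.keys(obj);
  return { length: keys.length, key: (i) => keys[i], getItem: (k) => obj[k] };
}
const sample = fakeStorage({ theme: "dark", lastLogin: "bob@example.org",
  user: JSON.stringify({ id: 7, profile: { contact: "alice@example.com" } }) });
```

In a browser, `scanStorage(window.sessionStorage, location.href)` runs the same check against the live page.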