Information Disclosure - Sensitive Information in Browser sessionStorage
- Risk: Low
- Type: Client Passive
- CWE: 200
- Summary: Sensitive information appears to have been stored in browser sessionStorage. This can violate PCI and most organizational compliance policies. For more details see the Client tabs: this information was set directly in the browser and will therefore not necessarily appear in this form in any HTTP(S) messages.
- Solution: Do not store sensitive information in browser storage.
- Other info: The following data (key=value) was set which matches the pattern for email addresses: key=value. Note that alerts will only be raised once for each URL + key.
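The check described under "Other info" can be reproduced in a team's own client-side tests. The following is an added example, not the scanner's implementation: the email regex, the function names `findEmailsInStorage` and `makeStorage`, and the sample data are assumptions made for illustration.

```javascript
// Added example: the regex is an assumed, simplified email pattern,
// not the pattern the scanner itself uses.
const EMAIL_RE = /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}/;

// Remembers "URL + key" pairs already reported, so each is raised only once.
const reported = new Set();

// storage: any object with the Web Storage interface (length, key(i), getItem).
function findEmailsInStorage(storage, url) {
  const findings = [];
  for (let i = 0; i < storage.length; i++) {
    const key = storage.key(i);
    const value = storage.getItem(key) ?? "";
    const match = EMAIL_RE.exec(value);
    if (!match) continue;
    const id = `${url}\u0000${key}`;
    if (reported.has(id)) continue; // already raised for this URL + key
    reported.add(id);
    // Mask the local part so the finding itself does not repeat the address.
    const masked = match[0].replace(/^[^@]+/, "***");
    findings.push({ url, key, masked });
  }
  return findings;
}

// Constructed stand-in for window.sessionStorage so the example runs in Node.
function makeStorage(entries) {
  const keys = Object.keys(entries);
  return {
    get length() { return keys.length; },
    key: (i) => keys[i] ?? null,
    getItem: (k) => (k in entries ? entries[k] : null),
  };
}

// Constructed sample data: one harmless entry, two containing an email address.
const sample = makeStorage({
  theme: "dark",
  profile: JSON.stringify({ name: "A. User", email: "a.user@example.com" }),
  lastLogin: "a.user@example.com",
});

const firstPass = findEmailsInStorage(sample, "https://app.example/account");
const secondPass = findEmailsInStorage(sample, "https://app.example/account");
console.log(firstPass, secondPass.length);
```

In a browser test, call `findEmailsInStorage(window.sessionStorage, location.href)` after the page under test has finished its client-side setup.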