Information Disclosure - JWT in Browser localStorage
- Risk: Medium
- Type: Client Passive
- CWE: CWE-200
- Summary
JWT was stored in browser localStorage.
This is dangerous because data stored in localStorage does not expire.
- Solution
This is an informational alert and no action is necessary.
- Other info
- The following JWT was set:
  Key: key
  Header: {'alg': 'HS256', 'typ': 'JWT'}
  Payload: {'sub': '1234567890', 'name': 'John Doe', 'iat': 1516239022}
  Signature: d35db7e39ebbf34d76df8e7aefcd35db7e39ebbf34d76df8e7aefcd35db7e39ebbf34d76df8e7aefcd35db7e39ebbf
  Note that this alert will only be raised once for each URL + key.
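As an added example (not part of the original alert text and not the scanner's own code), the JavaScript below shows one way to check a Storage object for JWT-shaped values and report the key, decoded header and payload, as the "Other info" field above does. The function names, the `hasExp` field and the sample storage contents are assumptions constructed for illustration.

```javascript
// Added example: find JWT-shaped values in a Storage-like object.
// Shape: three dot-separated base64url segments (signature may be empty).
const JWT_SHAPE = /^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*$/;

// Decode one base64url segment and parse it as JSON (throws on bad input).
function b64urlToJson(segment) {
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
  const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
  const bytes = Uint8Array.from(atob(padded), (c) => c.charCodeAt(0));
  return JSON.parse(new TextDecoder().decode(bytes));
}

const isObject = (v) => v !== null && typeof v === "object";

// Returns one finding per stored value whose header and payload decode as a JWT.
function findJwtsInStorage(storage) {
  const findings = [];
  for (let i = 0; i < storage.length; i++) {
    const key = storage.key(i);
    const value = storage.getItem(key);
    if (typeof value !== "string" || !JWT_SHAPE.test(value)) continue;
    const [h, p] = value.split(".");
    try {
      const header = b64urlToJson(h);
      const payload = b64urlToJson(p);
      if (!isObject(header) || !("alg" in header) || !isObject(payload)) continue;
      // hasExp: whether the token itself carries an expiry claim.
      findings.push({ key, header, payload, hasExp: "exp" in payload });
    } catch {
      continue; // e.g. "1.2.3" matches the shape but is not a JWT
    }
  }
  return findings;
}

// Constructed stand-in for window.localStorage (same length/key/getItem API).
function makeStorage(entries) {
  const keys = Object.keys(entries);
  return { length: keys.length, key: (i) => keys[i], getItem: (k) => entries[k] ?? null };
}
const enc = (obj) =>
  btoa(JSON.stringify(obj)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
// Constructed token with the header and payload shown in the alert; placeholder signature.
const sampleToken = [enc({ alg: "HS256", typ: "JWT" }),
  enc({ sub: "1234567890", name: "John Doe", iat: 1516239022 }), "constructed-signature"].join(".");
const sampleStorage = makeStorage({ theme: "dark", version: "1.2.3", key: sampleToken });

for (const f of findJwtsInStorage(sampleStorage)) {
  console.log(`JWT under key "${f.key}":`, f.header, f.payload, f.hasExp ? "has exp" : "no exp claim");
}
```

In a browser console, pass `window.localStorage` or `window.sessionStorage` to `findJwtsInStorage` in place of the sample object.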