Information Disclosure - Sensitive Information in Browser sessionStorage
- Risk:
Low
- Type:
- Client Passive
- CWE:
- CWE-200
- Summary
Sensitive Information appears to have been stored in browser sessionStorage. This can violate PCI and most organizational compliance policies.
For more details see the Client tabs - this information was set directly in the browser and will therefore not necessarily appear in this form in any HTTP(S) messages.
- Solution
Do not store sensitive information in browser storage.
- Other info
- The following data (key=value) was set which matches the pattern for email addresses: key=value Note that alerts will only be raised once for each URL + key.
Oracle silently fixes zero-day exploit leaked by ShinyHunters
North Korean Hackers Use EtherHiding to Hide Malware Inside Blockchain Smart Contracts
Another remotely exploitable Oracle EBS vulnerability requires your attention (CVE-2025-61884)
New Android Pixnapping attack steals MFA codes pixel-by-pixel
CVE-2021-43226 Microsoft Windows Privilege Escalation Vulnerability
CVE-2025-59230 Microsoft Windows Improper Access Control Vulnerability
CVE-2016-7836 SKYSEA Client View Improper Authentication Vulnerability
CVE-2013-3918 Microsoft Windows Out-of-Bounds Write Vulnerability
CVE-2017-3881 Cisco IOS and IOS XE Remote Code Execution Vulnerability
CVE-2025-6264 Rapid7 Velociraptor Incorrect Default Permissions Vulnerability
CVE-2011-3402 Microsoft Windows Remote Code Execution Vulnerability
CVE-2023-50224 TP-Link TL-WR841N Authentication Bypass by Spoofing Vulnerability
CVE-2007-0671 Microsoft Office Excel Remote Code Execution Vulnerability
HighSQL Injection
InformationalNon-Storable Content
HighXPath Injection
MediumELMAH Information Leak
Free online web security scanner