This application contains one or more pages with what appears to be a session token in the query parameters. A session token is sensitive information and should not be stored in the URL. URLs could be logged or leaked via the Referer header.


The session should be maintained using cookies (or hidden input fields).

Related Vulnerabilities