PII Disclosure in OMP 3.3.0.20

ZAP Proxy is showing a PII Disclosure vulnerability, but it seems is a crazy ZAP Proxy false-positive, don’t you agree? Thanks.

Hi @pchamorro,

That’s a false positive. ZAP proxy thinks our CSRF token is a bank ID :laughing:

These analysis/testing tools generally need their reports to be vetted for basic quality – they generate a lot of false positives.

Regards,
Alec Smecher
Public Knowledge Project Team

1 Like

Thank you very much.

This topic was automatically closed after 10 days. New replies are no longer allowed.