Merge pull request #473 from bugcrowd/In-the-Background

Update to template for Sensitive Token in URL in background request

submissions/description/sensitive_data_exposure/sensitive_token_in_url/in_the_background/template.md

@@ -2,7 +2,7 @@
 
 ## Overview of the Vulnerability
 
-Sensitive data can be exposed when it is not behind an authorization barrier. When this information is exposed it can place the application at further risk of compromise. The application discloses a sensitive token in the URL in the background which, if captured by an attacker, can be used to escalate privileges or authorize API calls within the application.
+Sensitive data can be exposed when it is not behind an authorization barrier. When this information is exposed it can place the application at further risk of compromise. The application discloses a sensitive token in the URL in background requests which are not seen in the main user interface. If captured by an attacker, these sensitive tokens can be used to escalate privileges or authorize API calls within the application.
 
 ## Business Impact
 
@@ -11,10 +11,10 @@ Disclosure of a sensitive token in the URL in the background could lead to data
 ## Steps to Reproduce
 
 1. Use a browser to navigate to: {{URL}}
-1. Observe the exposed token in the URL
+1. Observe the exposed token in the URL of a background request
 
 ## Proof of Concept (PoC)
 
-The following screenshot shows the sensitive token in the URL:
+The following screenshot shows the sensitive token:
 
 {{screenshot}}