From da33b92c5a74b8ed13b459a7856664f4f2babfb0 Mon Sep 17 00:00:00 2001
From: Ryan Rudder <96507400+RRudder@users.noreply.github.com>
Date: Fri, 19 May 2023 11:30:20 +1000
Subject: [PATCH] Update to template for Sensitive Token in URL in background
 request

---
 .../sensitive_token_in_url/in_the_background/template.md    | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/submissions/description/sensitive_data_exposure/sensitive_token_in_url/in_the_background/template.md b/submissions/description/sensitive_data_exposure/sensitive_token_in_url/in_the_background/template.md
index a0791157..631a9313 100644
--- a/submissions/description/sensitive_data_exposure/sensitive_token_in_url/in_the_background/template.md
+++ b/submissions/description/sensitive_data_exposure/sensitive_token_in_url/in_the_background/template.md
@@ -2,7 +2,7 @@
 
 ## Overview of the Vulnerability
 
-Sensitive data can be exposed when it is not behind an authorization barrier. When this information is exposed it can place the application at further risk of compromise. The application discloses a sensitive token in the URL in the background which, if captured by an attacker, can be used to escalate privileges or authorize API calls within the application.
+Sensitive data can be exposed when it is not behind an authorization barrier. When this information is exposed it can place the application at further risk of compromise. The application discloses a sensitive token in the URL in background requests which are not seen in the main user interface. If captured by an attacker, these sensitive tokens can be used to escalate privileges or authorize API calls within the application.
 
 ## Business Impact
 
@@ -11,10 +11,10 @@ Disclosure of a sensitive token in the URL in the background could lead to data
 ## Steps to Reproduce
 
 1. Use a browser to navigate to: {{URL}}
-1. Observe the exposed token in the URL
+1. Observe the exposed token in the URL of a background request
 
 ## Proof of Concept (PoC)
 
-The following screenshot shows the sensitive token in the URL:
+The following screenshot shows the sensitive token:
 
 {{screenshot}}