Hello, I did a scan in the client area with www.zaproxy.org on my hosting site and I have a very high risk notification
PII Disclosure with URL *url only in private* is on a product
Description: The response contains Personally Identifiable Information, such as CC number, SSN and similar sensitive data.
Risk High
Confidence High
Parameter
Attack
Evidence 5045475064504148414
CWE Id 359
WASC Id 13
Other Info Credit Card Type detected: Maestro Bank Identification Number: 504547 Brand: MAESTRO Category: Issuer:
Solution Check the response for the potential presence of personally identifiable information (PII), ensure nothing sensitive is leaked by the application.
References
I am using whmcs version 8.8.0
