Security Vulnerability: JWT token stored in localStorage #13

@Nithiesh-kumar

Description

The frontend stores authentication tokens and user data in browser
localStorage. Since localStorage is accessible to JavaScript, this
creates a security risk if any XSS vulnerability exists.

Evidence

Token access is observed in the following files:

  • frontend/src/services/api.js
  • frontend/src/context/AuthContext.jsx

Example:

const token = localStorage.getItem('token');
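An added example, not part of the original issue or the project's code: a small audit helper that finds every place a code base reads or writes token-like keys in web storage, the kind of evidence listed above. The file names, file contents and the list of sensitive key names are assumptions constructed for the example; only the `localStorage.getItem('token')` line comes from the issue.

```javascript
// Key names that suggest an auth secret or user data (assumed list; extend per code base).
const SENSITIVE_KEY = /(token|jwt|auth|session|user)/i;
const STORAGE_METHODS = new Set(["getItem", "setItem", "removeItem", "clear", "key", "length"]);

// Method-style access with a string-literal key: localStorage.getItem('token')
const STORAGE_CALL =
  /\b(?:window\.)?(localStorage|sessionStorage)\.(getItem|setItem|removeItem)\(\s*(['"`])([^'"`]+)\3/g;
// Property-style access: localStorage.token or sessionStorage['authToken']
const STORAGE_PROP =
  /\b(?:window\.)?(localStorage|sessionStorage)(?:\.([A-Za-z_$][\w$]*)|\[\s*(['"`])([^'"`]+)\3\s*\])/g;

// files: { path: sourceText }. Returns one finding per script-readable secret access.
function findTokenStorage(files) {
  const findings = [];
  for (const [path, source] of Object.entries(files)) {
    source.split("\n").forEach((text, i) => {
      if (/^\s*\/\//.test(text)) return; // skip whole-line comments
      for (const m of text.matchAll(STORAGE_CALL)) {
        if (SENSITIVE_KEY.test(m[4]))
          findings.push({ path, line: i + 1, store: m[1], op: m[2], key: m[4] });
      }
      for (const m of text.matchAll(STORAGE_PROP)) {
        const key = m[2] || m[4];
        if (!STORAGE_METHODS.has(key) && SENSITIVE_KEY.test(key))
          findings.push({ path, line: i + 1, store: m[1], op: "property", key });
      }
    });
  }
  return findings;
}

// Constructed sample sources (hypothetical paths and contents).
const SAMPLE = {
  "example/api.js": [
    "const token = localStorage.getItem('token');",
    "if (token) headers.Authorization = `Bearer ${token}`;",
    "const theme = localStorage.getItem('theme');", // not sensitive, ignored
  ].join("\n"),
  "example/AuthContext.jsx": [
    "// localStorage.setItem('token', old) was here",
    "localStorage.setItem('token', data.token);",
    "localStorage.setItem(\"user\", JSON.stringify(data.user));",
    "window.sessionStorage['authToken'] = data.token;",
  ].join("\n"),
};

for (const f of findTokenStorage(SAMPLE))
  console.log(`${f.path}:${f.line} ${f.store} ${f.op} "${f.key}"`);
```

Keys built at runtime (variables, concatenation) are not matched by these patterns, so a clean result still needs a manual check of any storage wrapper functions.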
