diff --git a/submissions/description/sensitive_data_exposure/via_localstorage_sessionstorage/non_sensitive_token/template.md b/submissions/description/sensitive_data_exposure/via_localstorage_sessionstorage/non_sensitive_token/template.md index d8b4aad6..d892ed57 100644 --- a/submissions/description/sensitive_data_exposure/via_localstorage_sessionstorage/non_sensitive_token/template.md +++ b/submissions/description/sensitive_data_exposure/via_localstorage_sessionstorage/non_sensitive_token/template.md @@ -1,4 +1,4 @@ -Local storage, also known as offline, web, or session storage, is the underlying storage mechanism which varies from one user agent to the next. This application discloses a non-sensitive token in the local storage which is accessible by JavaScript. As a result, the token can be captured by an attacker using Cross-Site Scripting (XSS) or Cross-Site Request Forgery (CSRF), allowing them to gather relevant user data and leverage this information to build phishing campaigns. +Local storage, also known as offline, web, or session storage, is the underlying storage mechanism which varies from one user agent to the next. This application discloses a non-sensitive token in the `localStorage`/`sessionStorage` which is accessible by JavaScript. As a result, the token can be captured by an attacker using Cross-Site Scripting (XSS) or Cross-Site Request Forgery (CSRF), allowing them to gather relevant user data and leverage this information to build phishing campaigns. **Business Impact** 
@@ -6,18 +6,13 @@ This vulnerability can lead to data theft through the attacker’s ability to ac **Steps to Reproduce** -1. Enable a HTTP interception proxy, such as Burp Suite or OWASP ZAP 1. Use a browser to navigate to: {{URL}} -1. Using the HTTP interception proxy, forward the following request: - -```HTTP -{{request}} -``` - -1. Observe the exposed sensitive token +1. Right click on the page, select Inspect, then select Storage, then Local (or Session) Storage +1. Observe the exposed sensitive token: {{screenshot}} +1. In a new private browser window, perform {{action}} to show that the token in `localStorage`/`sessionStorage` can be used to access a user's session or data: {{replace these brackets with a screenshot}} **Proof of Concept (PoC)** -The following screenshot shows the non-sensitive token exposed via the local storage: +The following screenshot shows the non-sensitive token exposed via the `localStorage`/`sessionStorage`: {{screenshot}} diff --git a/submissions/description/sensitive_data_exposure/via_localstorage_sessionstorage/sensitive_token/template.md b/submissions/description/sensitive_data_exposure/via_localstorage_sessionstorage/sensitive_token/template.md index b5b3579c..3cd9788c 100644 --- a/submissions/description/sensitive_data_exposure/via_localstorage_sessionstorage/sensitive_token/template.md +++ b/submissions/description/sensitive_data_exposure/via_localstorage_sessionstorage/sensitive_token/template.md 
@@ -1,4 +1,4 @@ -Local storage, also known as offline, web, or session storage, is the underlying storage mechanism which varies from one user agent to the next. This application discloses a sensitive token in the local storage which is accessible by JavaScript. As a result, the sensitive token can be captured by an attacker using Cross-Site Scripting (XSS), allowing them to locally reset a legitimate user’s account password to one they control, successfully taking over the user’s account. +Local storage, also known as offline, web, or session storage, is the underlying storage mechanism which varies from one user agent to the next. This application discloses a sensitive token in the `localStorage`/`sessionStorage` which is accessible by JavaScript. As a result, the sensitive token can be captured by an attacker using Cross-Site Scripting (XSS), allowing them to locally reset a legitimate user’s account password to one they control, successfully taking over the user’s account. **Business Impact** @@ -6,18 +6,13 @@ This vulnerability can lead to data theft through the attacker’s ability to ma **Steps to Reproduce** -1. Enable a HTTP interception proxy, such as Burp Suite or OWASP ZAP 1. Use a browser to navigate to: {{URL}} -1. Using the HTTP interception proxy, forward the following request: - -```HTTP -{{request}} -``` - -1. Observe the exposed sensitive token +1. Right click on the page, select Inspect, then select Storage, then Local (or Session) Storage +1. Observe the exposed sensitive token: {{screenshot}} +1. In a new private browser window, perform {{action}} to show that the token in `localStorage`/`sessionStorage` can be used to access a user's session or data: {{replace these brackets with a screenshot}} **Proof of Concept (PoC)** -The following screenshot shows the sensitive token exposed via the local storage: +The following screenshot shows the sensitive token exposed via the `localStorage`/`sessionStorage`: {{screenshot}} 
diff --git a/submissions/description/sensitive_data_exposure/via_localstorage_sessionstorage/template.md b/submissions/description/sensitive_data_exposure/via_localstorage_sessionstorage/template.md index aaa09c0e..b6225d38 100644 --- a/submissions/description/sensitive_data_exposure/via_localstorage_sessionstorage/template.md +++ b/submissions/description/sensitive_data_exposure/via_localstorage_sessionstorage/template.md @@ -1,4 +1,4 @@ -Local storage, also known as offline, web, or session storage, is the underlying storage mechanism which varies from one user agent to the next. This application discloses sensitive data in the local storage which is accessible by JavaScript. As a result, the sensitive data can be captured by an attacker using Cross-Site Scripting (XSS), allowing them to locally access the sensitive data and use it in further attacks. +Local storage, also known as offline, web, or session storage, is the underlying storage mechanism which varies from one user agent to the next. This application discloses sensitive data in the `localStorage`/`sessionStorage` which is accessible by JavaScript. As a result, the sensitive data can be captured by an attacker using Cross-Site Scripting (XSS), allowing them to locally access the sensitive data and use it in further attacks. **Business Impact** 
@@ -6,18 +6,13 @@ This vulnerability can lead to data theft through the attacker’s ability to ac **Steps to Reproduce** -1. Enable a HTTP interception proxy, such as Burp Suite or OWASP ZAP 1. Use a browser to navigate to: {{URL}} -1. Using the HTTP interception proxy, forward the following request: - -```HTTP -{{request}} -``` - -1. Observe the exposed sensitive data +1. Right click on the page, select Inspect, then select Storage, then Local (or Session) Storage +1. Observe the exposed sensitive token: {{screenshot}} +1. In a new private browser window, perform {{action}} to show that the token in `localStorage`/`sessionStorage` can be used to access a user's session or data: {{replace these brackets with a screenshot}} **Proof of Concept (PoC)** -The following screenshot shows the sensitive data exposed via the local storage: +The following screenshot shows the sensitive data exposed via the `localStorage`/`sessionStorage`: {{screenshot}}
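Review bot: in non_sensitive_token/template.md, first hunk, the rewritten description line still says the token "can be captured by an attacker using Cross-Site Scripting (XSS) or Cross-Site Request Forgery (CSRF)". CSRF makes the victim's browser send a request; it gives the attacker no way to read `localStorage` or `sessionStorage`. Since this line is being touched anyway, I would drop "or Cross-Site Request Forgery (CSRF)", which also brings it in line with the XSS-only wording in the other two templates. Minor wording point on the same line: "in the `localStorage`/`sessionStorage`" reads better without "the".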
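Review bot: in non_sensitive_token/template.md, second hunk, the new steps 3 and 4 contradict the variant they belong to. Step 3 reads "Observe the exposed sensitive token" and step 4 asks the reporter to show that the token "can be used to access a user's session or data", while the PoC line in the same hunk says "non-sensitive token". Suggest "Observe the exposed non-sensitive token: {{screenshot}}" for step 3, and rewording step 4 so it demonstrates what the non-sensitive token actually discloses; a token that grants session access belongs under the sensitive_token template.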
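Review bot: in sensitive_token/template.md, second hunk, the new step 2 "Right click on the page, select Inspect, then select Storage, then Local (or Session) Storage" only matches Firefox's developer tools; Chromium-based browsers list Local Storage and Session Storage under the Application tab. Suggest naming both paths, or wording it neutrally as "open the browser developer tools and view Local (or Session) Storage for the site". In the same hunk, step 4 uses "{{replace these brackets with a screenshot}}" while step 3 and the PoC line use "{{screenshot}}"; pick one placeholder form. Both points apply to the identical steps added in the other two templates.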
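Review bot: in via_localstorage_sessionstorage/template.md, second hunk, step 3 changes the removed "Observe the exposed sensitive data" to "Observe the exposed sensitive token", and step 4 refers to "the token", but this is the generic template whose description and PoC line both say "sensitive data". This looks copied from the token variants. Suggest "Observe the exposed sensitive data: {{screenshot}}" and, in step 4, "the data in `localStorage`/`sessionStorage`" so the steps match the rest of the file.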