Good day! Have anyone encountered these two findings on Odoo CE 10 after a Vulnerability Assessment and Penetration Testing?

1. Link Manipulation DOM-BASED

2. Session token

Can you please share how we can resolve this? Is this solvable through a step of super admin configurations only or should this be fixed on a code level? Thank you in advance, will appreciate very much any ideas or answers.