Invicti detected that your web application is transmitting passwords over query string.
A password is sensitive data and shouldn't be transmitted over query string. There are several information-leakage scenarios:
Do not send any sensitive data through query string.
You can search and find all vulnerabilities