Summary
Acunetix 360 detected that a weak secret is used in Express sessions.
The Express web application uses the express-session middleware. The middleware stores a session id in a cookie and uses a secret key to sign it for protection against data tampering. The application is using a weak/known secret key and Acunetix 360 managed to guess this key.
Impact
An attacker can tamper the session id in the cookie.
Actions To Take
Change the value of the secret key to a long random string.