Latest post: 2013-02-19T21:48:13Z by warrenm1

XSS in status log but not in report?

2013-02-15T21:48:52Z
Greetings --

In a few cases (on a few different apps), I've seen cases where AppScan Enterprise will show XSS in the status log (message is in red, identifying a discovered vulnerability). When the scan completes, the reports are empty. Can someone provide some background on this behavior?

Does it take a certain threshold for AppScan to report on a vulnerability (e.g. 3 variations of XSS)? Do the reports and the status log have potentially different thresholds?
  • warrenm1

    Re: XSS in status log but not in report?

    This is a defect in the scan log of ASE 8.6x; they aren't real vulnerabilities, just bogus entries in the log. If you contact AppScan support, they can provide a testfix for the issue. It will also be fixed in the next version.