In a few cases (on a few different apps), I've seen cases where AppScan Enterprise will show XSS in the status log (message is in red, identifying a discovered vulnerability). When the scan completes, the reports are empty. Can someone provide some background on this behavior?
Does it take a certain threshold for AppScan to report on a vulnerability (e.g. 3 variations of XSS)? Do the reports and the status log have potentially different thresholds?
XSS in status log but not in report?
Updated on 2013-02-19T21:48:13Z by warrenm1
warrenm1 270001F39C224 Posts
Re: XSS in status log but not in report? 2013-02-19T21:48:13Z
This is the accepted answer.
Hi,
This is a defect in the scan log of ASE 8.6x; they aren't real vulnerabilities, just bogus entries in the log. If you contact AppScan support, they can provide a testfix for the issue. It will also be fixed in the next version.