SystemAdmin

XSS in status log but not in report?

2013-02-15T21:48:52Z
Greetings --

In a few cases (on a few different apps), I've seen cases where AppScan Enterprise will show XSS in the status log (message is in red, identifying a discovered vulnerability). When the scan completes, the reports are empty. Can someone provide some background on this behavior?

Does it take a certain threshold for AppScan to report on a vulnerability (e.g. 3 variations of XSS)? Do the reports and the status log have potentially different thresholds?
  • warrenm1
    ACCEPTED ANSWER

    Re: XSS in status log but not in report?

    2013-02-19T21:48:13Z in response to SystemAdmin
    Hi,
    This is a defect in the scan log of ASE 8.6x; they aren't real vulnerabilities, just bogus entries in the log. If you contact AppScan support, they can provide a test fix for the issue. It will also be fixed in the next version.

    Regards,