OVERVIEW (MANDATORY)
DESCRIPTION (MANDATORY)
What would be the difference between these two?
Or in other words: How would you specify content
for these?
as example : 12planet_chat_server_xss.nasl
now :
desc = "
Synopsis :
The remote host contains a CGI which is vulnerable to a cross-site
scripting
issue.
Description :
The remote host is using 12Planet Chat Server.
There is a bug in this software which makes it vulnerable to cross site
scripting attacks.
An attacker may use this bug to steal the credentials of the legitimate
users
of this site.
Solution :
Upgrade to the newest version of this software";
script_description(desc);
can become :
script_summary("Checks for the presence of an XSS bug in 12Planet
Chat Server.");
script_overview("The remote host contains a CGI which is vulnerable
to a cross-site scripting issue.");
script_desc("The remote host is using 12Planet Chat Server. There is
a bug in this software which makes it vulnerable to cross site scripting
attacks. An attacker may use this bug to steal the credentials of the
legitimate users of this site.");
script_tag(name:"solution", value:"Upgrade to the newest version of
this software");
idea is also to remove extra blank line between 'chapter' and let
reporting tools cut line as their own.
do you agree ?
VULNERABLE SYSTEMS (OPTIONAL)
Perhaps name it just "Affected"?
yes, agreed.
--
"Le saviez-vous ? la technologie d'ITrust va sécuriser le cloud
français"
| Sébastien AUCOUTURIER | Responsable R&D
| ITrust | 55 L'Occitane 31670 LABEGE
| Email: [email protected]
| Fixe Sdt. 05.67.34.67.80
| IT Security Services & SaaS Editor
_______________________________________________
Openvas-plugins mailing list
[email protected]
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-plugins
