Filters and search

Filter and Search

Customers can search for a specific vulnerability by entering the keyword in to the Search box, or filter the vulnerabilities in their corresponding Status tab for better management:

  • By Websites
  • By CVSS Score (Common Vulnerability Scoring System - an open framework for communicating the characteristics and severity of software vulnerabilities).
  • By level of danger: critical, high, medium, low and info

Severity

CyStack Web Security provides a system of rating vulnerabilities based on their CVE, CWE and other criteria, with 5 levels:

SeverityImpactsExample types
Critical- Exploiting the vulnerability could take control of the server or other infrastructure device on which the application operates.
- Vulnerability allows escalation of privileges, from anonymous or normal user to administrator.
- Vulnerability allows stealing sensitive data such as financial, personal information of users, types of passwords, tokens, API keys.
- The attack is completely direct, there is no need to use phishing and social engineering forms to collect information from people.
Remote Code Execution, Authentication Bypass, XML External Entities Injection, SQL Injection, Database leaking
High- Exploiting the vulnerability can lead to privilege escalation, from anonymous user to normal user.
- Vulnerability can lead to data loss or disrupt access.
- Vulnerabilities that change the features designed in the product.
Stored XSS, CSRF at sensitive pages, IDOR, SSRF
Medium- Usually, attackers must use phishing and social engineering techniques to collect information from victims to reach the system.
- Exploitation requires the attacker to operate on an intranet zone with the target.
- Mining yields only a very limited amount of information.
- Vulnerabilities require higher user permissions for successful exploitation.
Reflective XSS, URL redirect, CSRF at less sensitive pages
Low- The attack has a very low impact on the target's operations and data.
- Exploiting often requires physical or local access
SSL misconfigurations, SPF misconfiguration, Self-XSS
Information- The vulnerabilities are not functionally exploitable.
- The vulnerability is by design or the risk it poses is considered acceptable.
Debug information, Using CAPTCHAs, Code obfuscation, Rate limiting.

CVSS score

CVSS

CyStack Web Security also provides information about vulnerabilities following CVSS v2, including CVSS v2 Score and CVSS v2 Vector, shown in Vulnerability Details.

Was this helpful?
Need more help?