Vulnerability with different criticality
I have a question about a vulnerability, "Cross-Site Scripting: DOM". When doing two different scans, I get this vulnerability in both but with a different level of criticality. Does anyone know what this is?
Re: Vulnerability with different criticality
Was this with Fortify SCA (SAST) or Fortify WebInspect (DAST)?
Oftentimes, if there are similarly named Issues with different severity levels, it may be due to the Fortify Priority Order calculation. There are better explanations in the product docs somewhere, but I would paraphrase them as follows:
- Critical = Easy to Exploit and Very Damaging
- High = Hard to Exploit and Very Damaging
- et al
-- Habeas Data
Micro Focus Fortify Customers-Only Forums – https://community.softwaregrp.com/t5/Fortify/ct-p/fortify