Cyver Core offers a Burp XML importer for Burp Suite Professional and Burp Suite Community products. To use it, simply export your Burp results to XML and import directly to Cyver Core from the Import Findings tab. Imports are available for the full Burp toolkit.
Cyver Core also supports Burp's web vulnerability scanner. You can import these findings manually or automatically via API.
Findings Field Mapping
| Field | Values | Example |
| Code | default: auto-generated | |
| Title | <issue> <name><![CDATA[Cross-domain script include]]></name> </issue> | |
| Type | <issue> <type>5244160</type> </issue> | |
| Assets | ||
| Description | ||
| Occurrence | New Occurrence Reoccurrence | |
| Labels | ||
| Severity | Info Low Medium High Critical default: Info | <issue> <severity>Information</severity> </issue> |
| CVSS20Score | ||
| CVSS20Vector | ||
| CVSS30Score | ||
| CVSS30Vector | ||
| CVSS31Score | ||
| CVSS31Vector | ||
| CVSS40Score | ||
| CVSS40Vector | ||
| Impact | 0 1 2 3 4 5 default: 0 | |
| ImpactDescription | ||
| Likelihood | 0 1 2 3 4 5 default: 0 | |
| LikelihoodDescription | ||
| VulnerabilityTypes | DoS CodeExecution Overflow MemoryCorruption SqlInjection XSS DirectoryTraversal HttpResponseSplitting BypassSomething GainInformation GainPrivileges CSRF FileInclusion | |
| CWEList | for example: CWE-1; CWE-721 | |
| CVEList | for example: CVE-1; CVE-721 | |
| MITRE ATT&CK Techniques | ||
| MITRE ATT&CK Mitigations | ||
| MITRE ATT&CK Tactics | ||
| Controls | ||
| Compliance Status | ||
| Compliance Comment | ||
| BackgroundInformation | <issue> <issueBackground><![CDATA[<p>When an application includes a script from an external domain, this script is executed by the browser within the security context of the invoking application. The script can therefore do anything that the application's own scripts can do, such as accessing application data and performing actions within the context of the current user.</p> <p>If you include a script from an external domain, then you are trusting that domain with the data and functionality of your application, and you are trusting the domain's own security to prevent an attacker from modifying the script to perform malicious actions within your application. </p>]]></issueBackground></issue> | |
| Recommendation | ||
| External References | ||
| Status | Draft PendingFix Fixed ReadyRetest Accepted ToReview Reviewed default: Draft | |
| Evidence Title | ||
| Evidence Location | ||
| Evidence Version | ||
| Evidence Reproduction | ||
| Evidence Results | ||
| Evidence Issue Details |
Important Notes & Limitations
- The maximum number of findings that can be imported in a single upload is 5,000 findings.
- If your file exceeds this limit, the import may fail depending on the selected import options (e.g., aggregation settings or filtering by severity).