Cyver Core natively imports XML files from Invicti.
Invicti is a web application security scanner designed for DAST, with built-in issue validation. Those web application and dynamic application security testing scans can be imported to Cyver Core manually through the finding uploader (in bulk) or automatically with the API.
Findings Field Mapping
| Field | Values | Example |
| Code | default: auto-generated |
|
| Title | <vulnerability> <title>Out-of-date Version (Apache)</title> </vulnerability> |
|
| Type | Vulnerability Observation |
|
| Assets | <vulnerability> <url>http://ssh.driikolu.fr/</url> </vulnerability> |
|
| Description | <vulnerability> <description><![CDATA[ <p>Invicti Standard identified you are using an out-of-date version of Apache.</p> ]]></description> </vulnerability> |
|
| Occurrence | ||
| Labels | ||
| Severity | Info Low Medium High Critical default: Info |
<vulnerability> <severity>Critical</severity> </vulnerability> |
| CVSS20Score | <classification> <CVSSScore>5.0</CVSSScore> </classification> |
|
| CVSS20Vector | <classification> <CVSSVector>CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N</CVSSVector> </classification> |
|
| CVSS30Score | ||
| CVSS30Vector | ||
| CVSS31Score | ||
| CVSS31Vector | ||
| CVSS40Score | ||
| CVSS40Vector | ||
| Impact | 0 1 2 3 4 5 default: 0 |
|
| ImpactDescription | <vulnerability> <impact><![CDATA[ <div>Since this is an old version of the software, it may be vulnerable to attacks.</div> ]]></impact> </vulnerability> |
|
| Likelihood | 0 1 2 3 4 5 default: 0 |
<vulnerability> <certainty>90</certainty> </vulnerability> |
| LikelihoodDescription | ||
| VulnerabilityTypes | DoS CodeExecution Overflow MemoryCorruption SqlInjection XSS DirectoryTraversal HttpResponseSplitting BypassSomething GainInformation GainPrivileges CSRF FileInclusion |
|
| CWEList | for example: CWE-1; CWE-721 |
<classification> <CWE>1035, 937</CWE> </classification> |
| CVEList | for example: CVE-1; CVE-721 |
<knownvulnerabilities> <knownvulnerability> <references>CVE-2022-36760</references> ... </knownvulnerability> ... </knownvulnerabilities> |
| MITRE ATT&CK Techniques | ||
| MITRE ATT&CK Mitigations | ||
| MITRE ATT&CK Tactics | ||
| Controls | ||
| Compliance Status | ||
| Compliance Comment | ||
| BackgroundInformation | ||
| Recommendation | <vulnerability> <remedy><![CDATA[ <div><p>Please upgrade your installation of Apache to the latest stable version.</p></div> ]]></remedy> </vulnerability> |
|
| External References | ||
| Status | Draft PendingFix Fixed ReadyRetest Accepted ToReview Reviewed default: Draft |
|
| Evidence Title | ||
| Evidence Location | ||
| Evidence Version | ||
| Evidence Reproduction | ||
| Evidence Results | ||
| Evidence Issue Details |
Important Notes & Limitations
- The maximum number of findings that can be imported in a single upload is 5,000 findings.
- If your file exceeds this limit, the import may fail depending on the selected import options (e.g., aggregation settings or filtering by severity).