Cyver Core imports Acunetix findings and reports directly via XML.
That's true whether you're running Invicti DAST, Internal app scanning agents, Mend SAST, or using Acunetix for CI/CD, RBAC, or API security. Simply export your files to XML and import directly into Cyver Core.
Are you automating or running real-time scans? Automate your Acunetix import with API.
Findings Field Mapping
| Field | Values | Example |
| Code | Affects | |
| Title | <Name><![CDATA[Content Security Policy (CSP) not implemented]]></Name> | |
| Type | Vulnerability Observation |
<Type><![CDATA[csrf]]></Type> |
| Assets | <Affects><![CDATA[/]]></Affects> | |
| Description | <Description><![CDATA[<div class="bb-coolbox"><span class="bb-dark">This alert requires manual confirmation</span></div><br/>Cross-Site Request Forgery...]]></Description> | |
| Occurrence | New Occurrence Reoccurrence |
|
| Labels | ||
| Severity | Info Low Medium High Critical default: Info |
<Severity><![CDATA[informational]]></Severity> |
| CVSS20Score | <CVSS> <Score><![CDATA[2.6]]></Score> </CVSS> |
|
| CVSS20Vector | <CVSS> <Descriptor><![CDATA[AV:N/AC:H/Au:N/C:N/I:P/A:N]]></Descriptor> </CVSS> |
|
| CVSS30Score | <CVSS3> <Score><![CDATA[4.3]]></Score> </CVSS3> |
|
| CVSS30Vector | <CVSS3> <Descriptor><![CDATA[CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N]]></Descriptor> </CVSS3> |
|
| CVSS31Score | ||
| CVSS31Vector | ||
| CVSS40Score | ||
| CVSS40Vector | ||
| Impact | 0 1 2 3 4 5 default: 0 |
|
| ImpactDescription | <Impact><![CDATA[An attacker could use CSRF to trick a victim...]]></Impact> | |
| Likelihood | 0 1 2 3 4 5 default: 0 |
|
| LikelihoodDescription | ||
| VulnerabilityTypes | DoS CodeExecution Overflow MemoryCorruption SqlInjection XSS DirectoryTraversal HttpResponseSplitting BypassSomething GainInformation GainPrivileges CSRF FileInclusion |
|
| CWEList | for example: CWE-1; CWE-721 |
<CWEList> <CWE id="352"><![CDATA[CWE-352]]></CWE> </CWEList> |
| CVEList | for example: CVE-1; CVE-721 |
<CVEList> </CVEList> |
| MITRE ATT&CK Techniques | ||
| MITRE ATT&CK Mitigations | ||
| MITRE ATT&CK Tactics | ||
| Controls | ||
| Compliance Status | ||
| Compliance Comment | ||
| BackgroundInformation | <DetailedInformation><![CDATA[During a CSRF attack...]]></DetailedInformation> | |
| Recommendation | <Recommendation><![CDATA[Verify if this form requires anti-CSRF protection...]]></Recommendation> | |
| External References | <Reference><Database><![CDATA[Cross-site Request Forgery]]></Database><URL><![CDATA[https://en.wikipedia.org/wiki/Cross-site_request_forgery]]></URL></Reference> | |
| Status | Draft PendingFix Fixed ReadyRetest Accepted ToReview Reviewed default: Draft |
|
| Evidence Title | ||
| Evidence Location | ||
| Evidence Version | ||
| Evidence Reproduction | <Request><![CDATA[GET /h/search HTTP/1.1...]]></Request> | |
| Evidence Results | ||
| Evidence Issue Details | <Details><![CDATA[Form name: <empty> <br/>Form action: /h/search...]]></Details> |
Important Notes & Limitations
- The maximum number of findings that can be imported in a single upload is 5,000 findings.
- If your file exceeds this limit, the import may fail depending on the selected import options (e.g., aggregation settings or filtering by severity).