OpenVAS: Re: NVT Description

[Sebastien Aucouturier <s.aucouturier () itrust fr>]

> > OVERVIEW  (MANDATORY)
> > DESCRIPTION (MANDATORY)
> What would be the difference between these two?
> Or in other words: How would you specify content
> for these?

as example :  12planet_chat_server_xss.nasl

now :

 desc = "
Synopsis :

The remote host contains a CGI which is vulnerable to a cross-site 
scripting
issue.

Description :

The remote host is using 12Planet Chat Server.

There is a bug in this software which makes it vulnerable to cross site
scripting attacks.

An attacker may use this bug to steal the credentials of the legitimate 
users
of this site.

Solution :

Upgrade to the newest version of this software";

 script_description(desc);


can become :

  script_summary("Checks for the presence of an XSS bug in 12Planet 
Chat Server.");
  script_overview("The remote host contains a CGI which is vulnerable 
to a cross-site scripting issue.");
  script_desc("The remote host is using 12Planet Chat Server. There is 
a bug in this software which makes it vulnerable to cross site scripting 
attacks. An attacker may use this bug to steal the credentials of the 
legitimate users of this site.");
  script_tag(name:"solution", value:"Upgrade to the newest version of 
this software");

idea is also to remove extra blank line between 'chapter' and let 
reporting tools cut line as their own.
do you agree ?



> > VULNERABLE SYSTEMS (OPTIONAL)
> Perhaps name it just "Affected"?
yes, agreed.



--
"Le saviez-vous ? la technologie d'ITrust va sécuriser le cloud 
français"
    | Sébastien AUCOUTURIER | Responsable R&D
    | ITrust | 55 L'Occitane 31670 LABEGE
    | Email: s.aucouturier () itrust fr
    | Fixe Sdt. 05.67.34.67.80
    | IT Security Services & SaaS Editor
_______________________________________________
Openvas-plugins mailing list
Openvas-plugins () wald intevation org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-plugins