Contact Support


Scan Results Report

Netsparker reports include detailed information about the scan in general and each vulnerability in particular.

The Scan Report includes general information, such as:

  • The Risk Level of the scan
  • The number of vulnerabilities Identified and Confirmed
  • Doughnut charts showing Identified Vulnerabilities and Confirmed Vulnerabilities by severity level number
  • A Vulnerability Summary with a list of each vulnerability with information on its confirmation, vulnerability name, method, URL, and parameter

Specific information on each vulnerability is displayed in a series of sections explained in the tables below.

Not all reports on particular vulnerabilities contain all these fields.

Report Fields in Netsparker Enterprise and Netsparker Standard

This table lists and explains the Report fields for Scan Results that are displayed in both Netsparker Enterprise and Netsparker Standard.




This is the name of the detected vulnerability.

Vulnerability Severity Level

This is the number of vulnerabilities with the same severity level.

Number Confirmed

This is the number of confirmed vulnerabilities of this type.


This is a definition and explanation of the vulnerability type.


This is the type of successful attack that an attacker can mount because of the vulnerability.

Known Vulnerabilities in this Version

This is a list of the known vulnerabilities in various software, such as Microsoft applications, along with information on:

  • Affected Versions
  • External References
  • Identified Version
  • Vulnerability Database


These are the vulnerability details, such as:

  • URL
  • Method, Parameter, and Value
  • Input Name
  • Form target action
  • Proof of Exploit
  • Request and Response


This is further information on the condition in which the vulnerability is exploitable.


This is a bar that shows the degree to which the vulnerability is confirmed.

Proof of Exploit

A proof of exploit is used to report the data that can be extracted from the vulnerable target once the vulnerability is exploited, demonstrating the impact an exploited vulnerability can have and proving that it is not a false positive.

Actions to Take

These are practical steps to deal with the vulnerability now.


These are methods for mitigating the threat of each vulnerability.

Required Skills for Successful Exploitation

Explanation of required skill and profile of possible attackers.

External References

These are links to relevant websites and blogs for understanding the vulnerability.

Remedy References

These are links to relevant websites and blogs for preventing the vulnerability.

Proof of Concept Notes

This is further information on the Proof of Concept.


This is a vulnerability rating according to:

  • various recognised bodies (PCI, OWASP, ISO etc.)
  • the Common Vulnerability Scoring System (CVSS) 3.0 Score and Vector String

Show/Hide Scan Details

This provides further technical details of the scan, such as:

  • Enabled Security Checks
  • URL Rewrite Mode
  • Detected URL Rewrite Rule(s)
  • Excluded URL Patterns
  • Authentication
  • Scheduled
  • Additional Website(s)

Highly accurate, fast & easy-to-use Web Application Security Scanner