Security Vulnerability

Security vulnerability reports come from automated scanners, penetration testers, and bug bounty researchers in vastly different formats. This template normalises them into affected component, vulnerability type, CVSS-style severity, attack vector, proof of concept, and recommended remediation, enabling your security team to triage and prioritise consistently.

See it in action

What users type

Security report from Jake Underwood (jake@whitehatsec.io). I found an IDOR vulnerability in your API endpoint GET /api/v2/forms/:formId/submissions. By incrementing the formId parameter, an authenticated user can access submission data belonging to other organisations. I was able to read 15 other orgs' form submissions from my test account. No rate limiting on the endpoint either. This is high severity since it exposes PII. Recommend adding organisation-scoped authorisation checks on all resource endpoints and implementing rate limiting.

What you get

Reporter: Jake Underwood (99%)
Email: jake@whitehatsec.io (99%)
Vulnerability Type: IDOR (99%)
Affected Component: GET /api/v2/forms/:formId/submissions (99%)
Severity: High (96%)
Description: Authenticated users can access other organisations' form submissions by incrementing the formId parameter. No rate limiting. PII exposure confirmed across 15 organisations from a test account. (97%)
Recommended Remediation: Add organisation-scoped authorisation checks on all resource endpoints; implement rate limiting. (95%)
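The remediation named in the sample report, organisation-scoped authorisation on a resource endpoint plus per-user rate limiting, shown as an added Python example. This is not code from this page or from the template product; the in-memory FORMS and SUBMISSIONS tables, the Principal type and the handler shape are constructed assumptions standing in for a real API's data layer.

```python
"""Organisation-scoped authorisation and per-user rate limiting for a resource
endpoint shaped like GET /api/v2/forms/:formId/submissions.

Added illustration; the data model below is a constructed assumption."""
import time
from dataclasses import dataclass

# Constructed sample data: form id -> owning organisation, and form id -> submissions.
FORMS = {101: "org-a", 102: "org-a", 205: "org-b"}
SUBMISSIONS = {
    101: ["alice@example.test"],
    102: [],
    205: ["carol@example.test", "dave@example.test"],
}


@dataclass(frozen=True)
class Principal:
    """The authenticated caller (assumed shape): who they are and which org they belong to."""
    user_id: str
    org_id: str


class NotFound(Exception):
    pass


class RateLimited(Exception):
    pass


def get_submissions_vulnerable(_who: Principal, form_id: int) -> list:
    """The IDOR pattern: the lookup keys on the id alone, so any authenticated
    caller can walk formId values and read every organisation's submissions."""
    if form_id not in FORMS:
        raise NotFound(form_id)
    return SUBMISSIONS[form_id]


def get_submissions_scoped(who: Principal, form_id: int) -> list:
    """Hardened lookup: ownership is checked before any data is returned.
    A form owned by another organisation is reported exactly like a missing
    form, so the response does not confirm which ids exist."""
    owner = FORMS.get(form_id)
    if owner is None or owner != who.org_id:
        raise NotFound(form_id)
    return SUBMISSIONS[form_id]


class TokenBucket:
    """Per-key limiter: `capacity` requests available at once, refilled at
    `refill_per_sec`. The clock is injectable so behaviour can be tested."""

    def __init__(self, capacity: int, refill_per_sec: float, clock=time.monotonic):
        self.capacity = capacity
        self.refill = refill_per_sec
        self.clock = clock
        self._state = {}  # key -> (tokens remaining, timestamp of last update)

    def allow(self, key: str) -> bool:
        now = self.clock()
        tokens, last = self._state.get(key, (float(self.capacity), now))
        tokens = min(float(self.capacity), tokens + (now - last) * self.refill)
        if tokens < 1.0:
            self._state[key] = (tokens, now)
            return False
        self._state[key] = (tokens - 1.0, now)
        return True


def handle_get_submissions(who: Principal, form_id: int, limiter: TokenBucket) -> list:
    """Endpoint handler (assumed shape): rate limit first, then the scoped lookup."""
    if not limiter.allow(who.user_id):
        raise RateLimited(who.user_id)
    return get_submissions_scoped(who, form_id)


def demo() -> dict:
    """Runs both lookups for a caller from org-a against a form owned by org-b."""
    alice = Principal("u-alice", "org-a")
    results = {"vulnerable": get_submissions_vulnerable(alice, 205)}
    try:
        get_submissions_scoped(alice, 205)
        results["scoped"] = "leaked"
    except NotFound:
        results["scoped"] = "denied as not found"
    return results


if __name__ == "__main__":
    print(demo())
```

The scoped lookup deliberately collapses "exists but belongs to someone else" and "does not exist" into the same error, which removes the enumeration signal the report describes. The limiter keys on the caller's user id; in a real deployment the state would live in shared storage rather than a process-local dict.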

Extracted fields

Field                    Type    Required
Reporter                 text    Required
Email                    email   Required
Vulnerability Type       select  Required
Affected Component       text    Required
Severity                 select  Required
Description              text    Required
Recommended Remediation  text    Optional

Use this template

Sign up and select “Security Vulnerability” from the template gallery. Customise any field before going live.

Start with this template — free