Example Scan Results
Here's what a typical vulnerability scan report looks like. Each finding includes severity rating, CVSS score, OWASP category mapping, evidence, and actionable remediation guidance.
Note: These are illustrative examples. Actual results vary based on the target website.
CVE-2024-21762 - FortiOS Out-of-Bounds Write
Detected FortiOS v7.4.2 running on target. This version is vulnerable to unauthenticated remote code execution via crafted HTTP requests.
Upgrade FortiOS to v7.4.3 or later immediately. This CVE is actively exploited in the wild and listed in CISA KEV.
Missing Content-Security-Policy Header
No Content-Security-Policy header found on any response. Without it, the browser enforces no restrictions that would limit XSS and data injection attacks.
Implement a strict CSP header: default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:;
TLS 1.0/1.1 Enabled
Server accepts TLS 1.0 and TLS 1.1 connections, both deprecated since 2020.
Disable TLS 1.0 and TLS 1.1 in server configuration. Only allow TLS 1.2 and TLS 1.3.
Server Version Disclosure
Server header reveals: Apache/2.4.51 (Ubuntu). Information disclosure aids attacker reconnaissance.
Add 'ServerTokens Prod' and 'ServerSignature Off' to Apache configuration.
WordPress 6.4.2 Detected
WordPress 6.4.2 detected via meta generator tag and wp-content paths. Latest version is 6.7.1.
Update WordPress to the latest stable version. Enable automatic security updates.