<?xml version="1.0"?>
<!-- SYNTETYCZNY przyklad importu Burp Suite dla /ai-truth/ipIII. Dane WYMYSLONE, host demo-app.synthetic.local nie istnieje. Import = SYGNAL narzedzia (MEDIA_SIGNAL), NIE dowod naprawy (claim<=proof). -->
<issues>
  <issue>
    <name>Cross-site scripting (reflected)</name>
    <host ip="203.0.113.10">https://demo-app.synthetic.local</host>
    <path>/search?q=</path>
    <location>/search?q= [q parameter]</location>
    <severity>High</severity>
    <confidence>Certain</confidence>
    <issueBackground><![CDATA[Parametr q jest odbijany w odpowiedzi HTML bez enkodowania. PRZYKLAD SYNTETYCZNY.]]></issueBackground>
    <vulnerabilityClassifications><![CDATA[<a href="https://cwe.mitre.org/data/definitions/79.html">CWE-79: Improper Neutralization of Input During Web Page Generation (Cross-site Scripting)</a>]]></vulnerabilityClassifications>
  </issue>
  <issue>
    <name>Cleartext submission of password</name>
    <host ip="203.0.113.10">https://demo-app.synthetic.local</host>
    <path>/login</path>
    <location>/login</location>
    <severity>Medium</severity>
    <confidence>Firm</confidence>
    <issueBackground><![CDATA[Formularz logowania przesyla haslo bez wymuszenia HTTPS na wszystkich sciezkach. PRZYKLAD SYNTETYCZNY.]]></issueBackground>
    <vulnerabilityClassifications><![CDATA[<a href="https://cwe.mitre.org/data/definitions/319.html">CWE-319: Cleartext Transmission of Sensitive Information</a>]]></vulnerabilityClassifications>
  </issue>
</issues>
