Understanding Findings & Issues

When seeshare scans your domain, it produces findings — individual vulnerabilities, misconfigurations, or compliance issues — grouped into issues for easier tracking. This article explains how severity levels and security scores are calculated, how to view and interpret findings, and how to prioritize remediation.

Beginner

When seeshare scans your domain, it produces findings — individual vulnerabilities, misconfigurations, or compliance issues detected by the scanning tools. Related findings are grouped into issues for easier tracking and remediation.

Severity Levels

Every finding is assigned a severity based on its CVSS v3.1 score. Critical (9.0–10.0) means an immediate, easily exploitable threat that should be fixed immediately. High (7.0–8.9) is a serious vulnerability that should be fixed as soon as possible. Medium (4.0–6.9) is a moderate risk requiring some conditions to exploit — plan to fix soon. Low (0.1–3.9) is a minor risk with limited impact — fix when convenient. Info (0.0) is informational with no security impact, worth reviewing for awareness.

Security Score & Grades

Your overall security score is calculated on a 0–100 scale and mapped to a letter grade: A (90–100, top 10% of websites), B (80–89, top 25%), C (70–79, above average), D (60–69, below average), and F (below 60, bottom 10%). The score starts at an industry median baseline of 85 and deducts points based on the CVSS severity of each vulnerability. OWASP Top 10 vulnerabilities receive an additional 20% penalty, and more severe issues have a proportionally larger impact on your score.

Viewing Findings

To view the findings for a single domain, go to Domains, click your domain, and open the Findings tab. Findings are listed by severity with Critical first, and each shows the title, severity, CVSS score, affected URL, and the tool that detected it.

To view all vulnerabilities across all your domains in one place, go to Issues in the sidebar. On the Issues page you can filter by severity, status, domain, or tool.

Finding Details

Click any finding to see its full detail page, which includes a plain-language description of the vulnerability, CVSS score and breakdown, affected URLs or endpoints, step-by-step remediation guidance, business impact analysis, OWASP Top 10 mapping where applicable, responsibility (developer, sysadmin, or hosting provider), and the tool that detected it.

Issue Statuses

Each issue moves through a lifecycle tracked by status. Open means detected and unresolved. Confirmed means manually verified as a real issue. False Positive means marked as not actually a vulnerability. Fixed means remediated and verified in a subsequent scan. Accepted Risk means acknowledged but intentionally not fixed.

Prioritizing Remediation

Address issues in this order: Critical severity first (actively exploitable and capable of severe damage), then High severity, then OWASP Top 10 vulnerabilities (the most common and well-known attack vectors), then issues affecting multiple pages (broader impact means higher priority), then Medium severity (plan into your regular development cycle), and finally Low severity (address during routine maintenance).
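
The remediation order above and the CVSS severity bands, applied to a list of findings. This is an added example, not seeshare code or its export format. Assumptions: the `Finding` fields and sample data are constructed, closed statuses are skipped, Info findings go last, and ties within a tier go to the higher CVSS score.

```python
from dataclasses import dataclass

CLOSED = {"False Positive", "Fixed", "Accepted Risk"}  # skipping these is an assumption
BANDS = [(9.0, "Critical"), (7.0, "High"), (4.0, "Medium"), (0.1, "Low"), (0.0, "Info")]

@dataclass
class Finding:  # hypothetical record; field names are not seeshare's
    title: str
    cvss: float
    owasp_top10: bool = False
    affected_urls: int = 1
    status: str = "Open"

def severity(cvss: float) -> str:
    """Map a CVSS v3.1 score to the severity bands listed in the article."""
    if not 0.0 <= cvss <= 10.0:
        raise ValueError(f"CVSS score out of range: {cvss}")
    return next(name for floor, name in BANDS if cvss >= floor)

def priority_tier(f: Finding) -> int:
    """Position in the article's remediation order (lower is fixed first)."""
    sev = severity(f.cvss)
    if sev in ("Critical", "High"):
        return 0 if sev == "Critical" else 1
    if sev == "Info":
        return 6  # Info is not in the article's order; last place is an assumption
    if f.owasp_top10:
        return 2  # OWASP Top 10 items outrank other Medium/Low findings
    if f.affected_urls > 1:
        return 3  # issues affecting multiple pages come next
    return 4 if sev == "Medium" else 5

def triage(findings: list[Finding]) -> list[Finding]:
    """Drop closed issues, then sort by tier; ties go to the higher CVSS score."""
    todo = [f for f in findings if f.status not in CLOSED]
    return sorted(todo, key=lambda f: (priority_tier(f), -f.cvss, f.title))

SAMPLE = [  # constructed findings, not real scan output
    Finding("Missing security header", 3.1, affected_urls=12),
    Finding("Reflected XSS", 6.1, owasp_top10=True),
    Finding("Outdated TLS configuration", 5.3),
    Finding("SQL injection", 9.8, owasp_top10=True),
    Finding("Directory listing enabled", 7.5, status="False Positive"),
    Finding("Weak session cookie flags", 7.1),
]

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{severity(f.cvss):8} {f.cvss:4} {f.title}")
```

In this ordering a Low finding that spans many pages is worked before a single-page Medium one, which a plain sort by CVSS score would not do.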

Comparing Across Scans

The History tab on your domain detail page lets you compare findings between scans, see which issues are new versus recurring, track which have been fixed, and monitor your security trend over time.

Using the AI Assistant

For any finding you're unsure how to fix, select it and open the AI Assistant for contextual security guidance.