All Collections
Submission management
How to write a 'Summarized impact'
How to write a 'Summarized impact'
Written by Lise
Updated over a week ago

The 'Summarized impact' field in a submission serves as a brief summary of the potential consequences of the identified vulnerability to the company running the Hybrid program. It’s a key component that’s only available on submissions for Hybrid Pentests. A well-defined 'Summarized impact' field helps customers gain a quick overview of your vulnerability’s impact on the program’s letter of attestation (which is shared with the customer after the completion of the engagement). It also helps the Intigriti Hybrid team creating this final report!

Please have a look at the ‘Impact’ guide first to understand and learn how to properly specify the impact of a vulnerability.

What to include

Please provide a very concise summary of the impact in one sentence.

Generally, we’re looking for the following structure:

  • Fixed sentence start: “This vulnerability would have allowed an attacker […]

  • Which action was the attacker able to perform? Choose a specific verb to continue your summary: exploit, elevate, access, overwrite, inject, query, …

  • Complete your summary as you see fit.

Some examples:

“This vulnerability would have allowed an attacker to elevate their privileges from a standard user role to an admin role”

“This vulnerability would have allowed an attacker to inject malicious JavaScript into the browser session of a victim”

“This vulnerability would have allowed an attacker to query internal servers which are not supposed to be exposed to the public”

Do's and Don'ts

To avoid common mistakes when filling out the 'Summarized impact' field, consider the following do's and don'ts:


  • Summarize your detailed impact description in one sentence.

  • Be specific yet detailed in your descriptions (e.g. which role, which part of the application, etc.).

  • Use quantifiable terms when possible (e.g., number of affected users).


  • Copy and paste the detailed impact description into this field.

Did this answer your question?