Nexpose includes a framework for creating complex vulnerability checks using a
simple XML format. Nexpose vulnerability checks are split across two or more
files which are parsed by Nexpose when the scan engine is started.
There are 2 types of XML files that make up a vulnerability check:
* Vulnerability descriptor : A file ending in the .xml extension which contains
information about a specific vulnerability (title, description, severity, CVE
IDs, CVSS score, etc.).