CVE Lab Content Standard
Use labs/common-vulnerabilities/cve-2021-44228.md as the canonical example for CVE lab pages.
URL
Use this route pattern:
/labs/common-vulnerabilities/<lab-slug>
Example:
/labs/common-vulnerabilities/cve-2021-44228
Title
Use the exact lab title from labs.json as the page title. Do not rewrite, shorten, normalize, or SEO-edit the lab name in frontmatter.
Expected title shape:
Product / Component Vulnerability Type (CVE-YYYY-NNNN)
Example:
Apache Log4j Remote Code Execution (CVE-2021-44228)
Do not add Lab to the title. Keep the title focused on the product, vulnerability type, and CVE ID.
If the labs.json title contains a version, component, vendor wording, or known vulnerability name, preserve it exactly.
Meta Description
Use the meta description to clarify that the page is a hands-on Hackviser lab. Keep it unique, concise, and useful for search snippets.
Use this pattern, with the first sentence based on the exact labs.json title:
Practice <Product / Component Vulnerability Type> (CVE-YYYY-NNNN) in a hands-on Hackviser lab. Learn <known vulnerability name or CVE ID> impact, scope, and affected versions.
Example:
Practice Apache Log4j Remote Code Execution (CVE-2021-44228) in a hands-on Hackviser lab. Learn Log4Shell impact, scope, and affected versions.
Use a known vulnerability name only when it is widely recognized, such as Log4Shell. If the vulnerability does not have a clear public name, use the CVE ID instead:
Practice ProFTPD 1.3.5 mod_copy Remote Code Execution (CVE-2015-3306) in a hands-on Hackviser lab. Learn CVE-2015-3306 impact, scope, and affected version.
Frontmatter
Use this minimum frontmatter shape:
title:
description:
hide_title: true
layout: lab-detail
category_slug: "common-vulnerabilities"
category: "Common Vulnerabilities"
topic: "CVE 2021"
access: "VIP"
points: 10
premium: true
app_slug:
cve:
- "CVE-YYYY-NNNN"
cve_details:
- id:
severity:
cvss_score:
cvss_version:
cvss_vector:
cwe:
- "CWE-..."
affected_product:
published:
Do not add CVSS sub-metrics such as attack_vector, scope, confidentiality, integrity, or availability unless the UI starts rendering them.
Overview Structure
Use this content order:
Short intro paragraph.
### Vulnerability Overview
Explain what the vulnerability is and what behavior causes it.
### Impact
Explain what exploitation can lead to and why the issue matters. Mention severity and CVSS naturally here.
### Vulnerability Scope
Explain affected products, versions, components, and practical exposure scope. Keep long version ranges in this section, not in the side panel.
### Lab Focus
Explain what the learner practices conceptually. Do not include lab questions, answers, secrets, payloads, or step-by-step exploitation instructions.
### Resources
Add official or high-trust references.
Resource Rules
Prefer these sources:
- Vendor advisory or vendor documentation
- NVD
- CVE.org
- CISA KEV, only if the CVE is listed there
Avoid these by default:
- Exploit-DB
- PacketStorm
- random GitHub PoCs
- random blogs
- scanner or payload generator repositories
Keep resources to 3-4 links. Do not include exploit or PoC resources unless intentionally approved.
UI Rules
The lab detail page should stay simple:
Lab details: Category, Topic, Points, AccessCVE details: CVE, Severity, CVSS, CWE, Product, Published- CTA links to the specific Hackviser lab URL and opens in a new tab
Do not add:
- Difficulty
- Duration
- Lab question
- Secret or answer
- Payload or exploit steps
- extra badges
- CVSS calculators
SEO Rules
- Write
titleanddescriptionmanually. - H1 should be the lab title.
- Include the CVE ID in the title, meta description, and page content.
- Write original overview content; do not copy API descriptions verbatim.
- Use headings that describe the content clearly.
- Use official resources as trust signals.
- Keep the CTA separate from the educational content.