riskdesc - Is a combination identifier, showing Risk followed by Confidence (in brackets). For example High (Medium) would indicate a High risk issue identified with Medium confidence.
<?xml version="1.0"?>
<OWASPZAPReport version="Dev Build" generated="Fri, 4 Feb 2022 17:42:18">
<site name="http://localhost:8080" host="localhost" port="8080" ssl="false">
<alerts>
<alertitem>
<pluginid>20012</pluginid>
<alertRef>20012</alertRef>
<alert>Anti-CSRF Tokens Check</alert>
<name>Anti-CSRF Tokens Check</name>
<riskcode>3</riskcode>
<confidence>2</confidence>
<riskdesc>High (Medium)</riskdesc>
<confidencedesc>Medium</confidencedesc>
<desc><p>A cross-site request forgery is an attack that involves forcing a victim to send an HTTP request to a target destination without their knowledge...</desc>
<instances>
<instance>
<uri>http://localhost:8080/bodgeit/advanced.jsp</uri>
<method>GET</method>
<param></param>
<attack></attack>
<evidence><form id="advanced" name="advanced" method="POST" onsubmit="return validateForm(this);false;"></evidence>
<otherinfo></otherinfo>
</instance>
<instance>
<uri>http://localhost:8080/bodgeit/advanced.jsp</uri>
<method>GET</method>
<param></param>
<attack></attack>
<evidence><form id="query" name="advanced" method="POST"></evidence>
<otherinfo></otherinfo>
</instance>
<instance>
<uri>http://localhost:8080/bodgeit/basket.jsp</uri>
<method>GET</method>
<param></param>
<attack></attack>
<evidence><form action="basket.jsp" method="post"></evidence>
<otherinfo></otherinfo>
</instance>