I have a site that is getting a 150004 "Path-based Vulnerability" on an URL that is actually an alias in the form www.x.com/xyz/. That obviously looks like a path, but is actually an url alias. There are about a hundred of these on the site, but only one is reported.
I'd like to report this as a false positive to my client, but the fact that only one of them was reported (while many were scanned) gives me some pause. Anyone have an explanation?