I have a website security audit done for my site and discovered a possible xss vulnerability. I have no desire to give exact details so others will not exploit it or cause panic if it turns out to be a false positive. How do I go about giving the team the information presented by my report and security scan?