The result report includes the following:
Overview of objectives, scope of implementation.
Summary of approach, implementation methodology.
A list of identified vulnerabilities, and their severity.
For each vulnerability: severity level (critical, high, medium, low) / CVSS score, detailed description, reference link, location/parameter of that vulnerability on the system, analysis of the possibility to be exploited from internally/externally, proof of concept (PoC), steps to reproduce PoC, ...
The remediation for each vulnerability: