What is the difference between CVSS v3.1 and CVSS v4.0?

CVSS v4.0 is the latest standard from FIRST.org. It introduces finer granularity for Base metrics (such as separating User Interaction into Active and Passive), adds dedicated Threat and Environmental metrics (formerly Temporal), introduces safety metrics (Supplemental) for critical systems, and provides more accurate severity scoring for modern cloud and cyber-physical setups.

What is a CVSS vector string?

A CVSS vector string is a condensed, standardized representation of a vulnerability's metric values (e.g., CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H). It allows engineers, databases, and scanners to exchange precise metric values instantly without parsing multi-field records.

Does this CVSS calculator send any vulnerability details to external servers?

No. The SecurityXP CVSS Threat Scorer runs 100% locally in your browser memory. All score calculations and vector string transformations are performed client-side using JavaScript. Your audit data remains fully confidential and safe.

Interactive Infosec Utilities

CVSS v4.0 & v3.1 Threat Scorer & Vector Generator

Quickly evaluate, score, and document security vulnerabilities using official FIRST.org Common Vulnerability Scoring System (CVSS) specifications. Seamlessly toggle between CVSS v4.0 and CVSS v3.1 to generate compliant vectors and severity scores. **100% Client-Side calculation.**

Calculated Threat Rating

10.0

Severity Category CRITICAL

Sub-Score Breakdown:

Vulnerable Impact (VC/VI/VA): H/H/H

Subsequent Impact (SC/SI/SA): N/N/N

Exploitability Setup: N/L/N/N/N

Scores dynamically calculate per official FIRST guidelines.

Standardized CVSS v4.0 Vector String:


CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

1. Exploitability Metrics

Attack Vector (AV)

Attack Complexity (AC)

Attack Requirements (AT)

Privileges Required (PR)

User Interaction (UI)

2. Vulnerable System Impact Metrics

Confidentiality Impact (VC)

Integrity Impact (VI)

Availability Impact (VA)

3. Subsequent Systems Impact Metrics

Confidentiality Impact (SC)

Integrity Impact (SI)

Availability Impact (SA)

[EXPLANATION]

Click any metric button to build your threat vector. Hovering over a metric explains its security logic dynamically.

Collaborate & Share

Share this tool with your security team

Help your peers audit configurations, calculate CVSS strings, and analyze passwords locally and securely. No data ever leaves their browser.