Vulnerability Report Generator

CVSS Calculator

6.5Medium
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Shown in bug bounty output

Overrides VRT in exports when set — useful for HackerOne or custom program tiers.

Advanced (Temporal & Environmental)

Temporal and environmental metrics are available in CVSS 3.1 spec but rarely used in bug bounty submissions. Base score above is what triagers typically evaluate.

Missing reproduction steps — triagers typically reject findings without clear steps to reproduce.
No impact statement — demonstrate what an attacker can achieve, not just what happens technically.
No proof of concept or evidence provided. Include HTTP request/response pairs or screenshots.
No target or endpoint specified. Include the affected host/URL for scope verification.

Finding Details

Affected Component

Proof of Concept / Evidence

Paste HTTP requests, payloads, or attach screenshots. Code blocks are preserved in output — wrap multi-line content in ``` fences or paste raw requests (auto-wrapped as ```http).

Supports `inline code` and ```code blocks``` — formatting is preserved in preview and export.

Describe what an attacker achieves(e.g. "take over any user's account"), not just what happens technically (e.g. "JavaScript executes").

Use demonstrated language ("An attacker can…") rather than theoretical ("might/could").

Steps to Reproduce

1

References

Live Preview

Untitled Finding

Severity: Medium (CVSS 6.5)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Steps to Reproduce

_No reproduction steps provided._