# CVSS Scoring

The Common Vulnerability Scoring System (CVSS) is an industry benchmark for evaluating the seriousness of identified vulnerabilities. It calculates a CVSS score by considering three metric categories (base, temporal, and environmental) encompassing various aspects of a vulnerability's impact and ability to persist in different contexts.

PlexTrac allows users to input or adjust scores when generating or revising findings, facilitating precise vulnerability assessment.

{% hint style="info" %}
CVSS is owned by FIRST and used with permission. This calculator is based on [FIRST CVSS documentation](https://www.first.org/cvss/).
{% endhint %}

## Entering a Findings Score

<mark style="background-color:yellow;">Step 1:</mark> From the **Findings** tab, click **Edit** under the "Actions" column of the finding to modify.

<div align="left"><figure><img src="https://4252973360-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LXA6EayCcg12qfDcfXd%2Fuploads%2FgRLl38SQLZni5mg4O9LW%2Fimage.png?alt=media&#x26;token=de294281-8916-4c43-b754-54ec0ee7275a" alt=""><figcaption></figcaption></figure></div>

<mark style="background-color:yellow;">Step 2:</mark> On the **Finding Details** tab, select the applicable standard from the **Score type** pulldown menu ([information specifically on CVSS v3.1 and CVSS v4.0 is located further below](#cvss-3.1-calculator)). If not using CVSS, click **General**.

<div align="left"><figure><img src="https://4252973360-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LXA6EayCcg12qfDcfXd%2Fuploads%2FPBFqqf63YNMmRoGmBQQj%2Fimage.png?alt=media&#x26;token=f3bf7f57-062f-41a7-8096-f9832391e437" alt=""><figcaption></figcaption></figure></div>

<mark style="background-color:yellow;">Step 3:</mark> Enter values in the provided fields.

<figure><img src="https://4252973360-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LXA6EayCcg12qfDcfXd%2Fuploads%2FGV59gBert4jgTqhbkmr6%2Fimage.png?alt=media&#x26;token=0a28eeea-c975-422e-b4c4-1eaa8114f8a6" alt=""><figcaption></figcaption></figure>

The score information for that finding is now displayed on the **Finding Detail** page.

<div align="left"><figure><img src="https://4252973360-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LXA6EayCcg12qfDcfXd%2Fuploads%2FgIha5l3bvLecXPoERZep%2Fimage.png?alt=media&#x26;token=39ea0a03-1f2e-4b04-9dff-78c7a1b6b362" alt=""><figcaption></figcaption></figure></div>

## CVSS v3.1/v4.0 Calculator

PlexTrac has a built-in calculator that generates a CVSS score based on selected input values. It also generates a CVSS vector and assigns a severity to the finding based on the selected values and the calculated score.

Users can create a value by clicking through the provided calculator, typing in a vector, or combining both actions.

The calculator is available when `CVSS v3.1` or `CVSS v4.0` is selected from the "Score type" field.

<div align="left"><figure><img src="https://4252973360-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LXA6EayCcg12qfDcfXd%2Fuploads%2FybGI9DMLYxXKOEEe525a%2Fimage.png?alt=media&#x26;token=8ca75847-e2e1-41c6-9906-50177c05b7ef" alt=""><figcaption></figcaption></figure></div>

{% hint style="info" %}
If the value in the **Severity** field is manually changed at any point after a CVSS v3.1 score has been created, a warning message will appear:

<img src="https://4252973360-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LXA6EayCcg12qfDcfXd%2Fuploads%2FmwWrzum0Em9qA57A9J3n%2Fimage.png?alt=media&#x26;token=2028a4e8-02a5-4dc9-9ded-4d1411d28223" alt="" data-size="original">
{% endhint %}

### Entering a Score Manually

If the score is already known, it can be entered in the "Score" field, and the finding's severity will update to match the score.

<div align="left"><figure><img src="https://4252973360-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LXA6EayCcg12qfDcfXd%2Fuploads%2FnUgY073s1NHPI5fQDqlM%2Fimage.png?alt=media&#x26;token=33b8a668-e139-46ef-b7b3-902daaef8cf3" alt=""><figcaption></figcaption></figure></div>

### Entering a Vector Manually

If the CVSS vector is known, entering the value in the "Vector" field will dynamically set the finding severity.

<div align="left"><figure><img src="https://4252973360-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LXA6EayCcg12qfDcfXd%2Fuploads%2FInRQnxl5TIYjRcIlVM5E%2Fimage.png?alt=media&#x26;token=636aa807-9815-41a3-be89-84a955f1721b" alt=""><figcaption></figcaption></figure></div>

### Using the Calculator

<mark style="background-color:yellow;">Step 1:</mark> In the "Score type" field, select `CVSS v3.1` or `CVSS v4.0`, then click **Calculate Score**.

<div align="left"><figure><img src="https://4252973360-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LXA6EayCcg12qfDcfXd%2Fuploads%2Fpo4LZMoEwyzF3w1ruypN%2Fimage.png?alt=media&#x26;token=f3342b50-7867-42f7-81b6-6b948986da82" alt=""><figcaption></figcaption></figure></div>

<mark style="background-color:yellow;">Step 2:</mark> To create a vector, select values by clicking the fields provided. All values must be entered.

{% hint style="info" %}
The metrics available to configure differ depending on the score type selected.
{% endhint %}

<div align="left"><figure><img src="https://4252973360-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LXA6EayCcg12qfDcfXd%2Fuploads%2FhTsZW03yeKocTkcqSC2p%2Fimage.png?alt=media&#x26;token=3dc1bb20-d96c-472d-8407-e2c4aa6473e4" alt=""><figcaption></figcaption></figure></div>

After entering a value for all fields, a severity score, severity value, and vector value are populated.

<div align="left"><figure><img src="https://4252973360-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LXA6EayCcg12qfDcfXd%2Fuploads%2FQ2jVIDZIPuH33swlp8ur%2Fimage.png?alt=media&#x26;token=62c10737-ed43-4ad5-9187-7c58fd1530c9" alt=""><figcaption></figcaption></figure></div>

Validation is performed on multiple fields to ensure the score and severity are accurate. It uses the vector string and the vector record, which must be kept in sync.

The calculator updates the vector record string when a field is clicked. However, the string is displayed only when all base values are selected. The option to save will appear afterward.

When the vector string changes, it is validated. If the string is valid, the record and selected values are updated in the calculator modal. If not, a warning message is displayed, and the save button is disabled.

<mark style="background-color:yellow;">Step 3:</mark> For more advanced scoring options, expand "Show temporal and environmental scoring."

<div align="left"><figure><img src="https://4252973360-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LXA6EayCcg12qfDcfXd%2Fuploads%2Fl0f5f7rjm8RgF1TETDDx%2Fimage.png?alt=media&#x26;token=77f31416-4d32-4504-9159-882f3f64a570" alt=""><figcaption></figcaption></figure></div>

Additional fields specific to the score type will be displayed for editing.

<div align="left"><figure><img src="https://4252973360-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LXA6EayCcg12qfDcfXd%2Fuploads%2FfMIsUXCsFJHHVhhhy5mQ%2Fimage.png?alt=media&#x26;token=fade2ab5-19a9-4a92-8b7d-c50de382272d" alt=""><figcaption></figcaption></figure></div>

<mark style="background-color:yellow;">Step 5:</mark> When finished, scroll to the bottom of the modal and click **Save**. The severity, score, and vector are populated in the appropriate fields on the **Finding Details** tab.

<div align="left"><figure><img src="https://4252973360-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LXA6EayCcg12qfDcfXd%2Fuploads%2FeGXEgQlP2r0izultuXp7%2Fimage.png?alt=media&#x26;token=00785765-f3bc-445f-82ff-a711871e7021" alt=""><figcaption></figcaption></figure></div>

CVSS v3.1 scores can also be viewed on the **Findings** tab of a report or client if that field has been configured to appear in the table.

<div align="left"><figure><img src="https://4252973360-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LXA6EayCcg12qfDcfXd%2Fuploads%2Fr2xPFymn3a9LFYQQCe9M%2Fimage.png?alt=media&#x26;token=d9a36e93-d5ef-466b-99b8-4df86e659fff" alt=""><figcaption></figcaption></figure></div>
