I just came across this site <a href="https://www.htbridge.com/cvss_web_calculator/">https://www.htbridge.com/cvss_web_calculator/</a> which appears to be a pretty useful resource to calculate CVSS scores for various web vulns. Obviously you will need to take context for your own environment into consideration when using the tool. I'd welcome any thoughts on it's applicability for the issues you commonly see.<div>
<br></div><div>Happy Holidays!<br clear="all"><div><br></div>-- <br><font color="#888888">Tony Turner<br>OWASP Orlando Chapter Founder/Co-Leader<br><a href="mailto:tony.turner@owasp.org" target="_blank">tony.turner@owasp.org</a></font><div>
<a href="https://www.owasp.org/index.php/Orlando" target="_blank">https://www.owasp.org/index.php/Orlando</a>
</div><div><br></div>
</div>