From d1ef1121fcc0a832915dacc252b7463b2a77e92a Mon Sep 17 00:00:00 2001
From: Rishi Garg <rishigarg2503@gmail.com>
Date: Fri, 14 Feb 2025 11:55:02 +0530
Subject: [PATCH 1/2] Improved UI for severity details

Signed-off-by: Rishi Garg <rishigarg2503@gmail.com>
---
 .../templates/vulnerability_details.html      | 184 ++++++++++--------
 1 file changed, 103 insertions(+), 81 deletions(-)

diff --git a/vulnerabilities/templates/vulnerability_details.html b/vulnerabilities/templates/vulnerability_details.html
index 7001c8f3b..bcdb01a00 100644
--- a/vulnerabilities/templates/vulnerability_details.html
+++ b/vulnerabilities/templates/vulnerability_details.html
@@ -409,97 +409,119 @@
             <div class="tab-div content" data-content="severities-vectors">
                 {% for severity_vector in severity_vectors %}
                     {% if severity_vector.vector.version == '2.0'  %}
-                        Vector: {{ severity_vector.vector.vectorString }} Found at <a href="{{ severity_vector.origin }}" target="_blank">{{ severity_vector.origin }}</a>
-                        <table class="table is-bordered is-striped is-narrow is-hoverable is-fullwidth gray-header-border">
-                          <tr>
-                            <th>Exploitability (E)</th>
-                            <th>Access Vector (AV)</th>
-                            <th>Access Complexity (AC)</th>
-                            <th>Authentication (Au)</th>
-                            <th>Confidentiality Impact (C)</th>
-                            <th>Integrity Impact (I)</th>
-                            <th>Availability Impact (A)</th>
-                          </tr>
-                          <tr>
-                            <td>{{ severity_vector.vector.exploitability|cvss_printer:"high,functional,unproven,proof_of_concept,not_defined" }}</td>
-                            <td>{{ severity_vector.vector.accessVector|cvss_printer:"local,adjacent_network,network" }}</td>
-                            <td>{{ severity_vector.vector.accessComplexity|cvss_printer:"high,medium,low" }}</td>
-                            <td>{{ severity_vector.vector.authentication|cvss_printer:"multiple,single,none" }}</td>
-                            <td>{{ severity_vector.vector.confidentialityImpact|cvss_printer:"none,partial,complete" }}</td>
-                            <td>{{ severity_vector.vector.integrityImpact|cvss_printer:"none,partial,complete" }}</td>
-                            <td>{{ severity_vector.vector.availabilityImpact|cvss_printer:"none,partial,complete" }}</td>
-                          </tr>
-                        </table>
+                        <div class="mb-4">
+                            Score: <strong>{{ severity_vector.vector.baseScore }}</strong> - 
+                            Vector: <strong>{{ severity_vector.vector.vectorString }}</strong>
+                            <a href="https://www.first.org/cvss/v2/guide" target="_blank" class="has-tooltip-multiline has-tooltip-black" data-tooltip="Learn more about CVSS v2.0">
+                                <i class="fa fa-info-circle"></i>
+                            </a>
+                            - Found at <a href="{{ severity_vector.origin }}" target="_blank">{{ severity_vector.origin }}</a>
+                            <table class="table is-bordered is-striped is-narrow is-hoverable is-fullwidth gray-header-border mt-2">
+                                <tr>
+                                    <th class="has-tooltip-multiline has-tooltip-black" data-tooltip="This metric measures the current state of exploit techniques or code availability.">Exploitability (E)</th>
+                                    <th class="has-tooltip-multiline has-tooltip-black" data-tooltip="This metric reflects how the vulnerability is exploited.">Access Vector (AV)</th>
+                                    <th class="has-tooltip-multiline has-tooltip-black" data-tooltip="This metric measures the complexity of the attack required.">Access Complexity (AC)</th>
+                                    <th class="has-tooltip-multiline has-tooltip-black" data-tooltip="This metric measures the number of times an attacker must authenticate.">Authentication (Au)</th>
+                                    <th class="has-tooltip-multiline has-tooltip-black" data-tooltip="This metric measures the impact on confidentiality.">Confidentiality Impact (C)</th>
+                                    <th class="has-tooltip-multiline has-tooltip-black" data-tooltip="This metric measures the impact to integrity.">Integrity Impact (I)</th>
+                                    <th class="has-tooltip-multiline has-tooltip-black" data-tooltip="This metric measures the impact to availability.">Availability Impact (A)</th>
+                                </tr>
+                                <tr>
+                                    <td>{{ severity_vector.vector.exploitability|cvss_printer:"high,functional,unproven,proof_of_concept,not_defined" }}</td>
+                                    <td>{{ severity_vector.vector.accessVector|cvss_printer:"local,adjacent_network,network" }}</td>
+                                    <td>{{ severity_vector.vector.accessComplexity|cvss_printer:"high,medium,low" }}</td>
+                                    <td>{{ severity_vector.vector.authentication|cvss_printer:"multiple,single,none" }}</td>
+                                    <td>{{ severity_vector.vector.confidentialityImpact|cvss_printer:"none,partial,complete" }}</td>
+                                    <td>{{ severity_vector.vector.integrityImpact|cvss_printer:"none,partial,complete" }}</td>
+                                    <td>{{ severity_vector.vector.availabilityImpact|cvss_printer:"none,partial,complete" }}</td>
+                                </tr>
+                            </table>
+                        </div>
+            
                     {% elif severity_vector.vector.version == '3.1' or severity_vector.vector.version == '3.0'%}
-                        Vector: {{ severity_vector.vector.vectorString }} Found at <a href="{{ severity_vector.origin }}" target="_blank">{{ severity_vector.origin }}</a>
-                        <table class="table is-bordered is-striped is-narrow is-hoverable is-fullwidth gray-header-border">
-                              <tr>
-                                <th>Attack Vector (AV)</th>
-                                <th>Attack Complexity (AC)</th>
-                                <th>Privileges Required (PR)</th>
-                                <th>User Interaction (UI)</th>
-                                <th>Scope (S)</th>
-                                <th>Confidentiality Impact (C)</th>
-                                <th>Integrity Impact (I)</th>
-                                <th>Availability Impact (A)</th>
-                              </tr>
-                              <tr>
-                                <td>{{ severity_vector.vector.attackVector|cvss_printer:"network,adjacent_network,local,physical"}}</td>
-                                <td>{{ severity_vector.vector.attackComplexity|cvss_printer:"low,high" }}</td>
-                                <td>{{ severity_vector.vector.privilegesRequired|cvss_printer:"none,low,high" }}</td>
-                                <td>{{ severity_vector.vector.userInteraction|cvss_printer:"none,required"}}</td>
-                                <td>{{ severity_vector.vector.scope|cvss_printer:"unchanged,changed" }}</td>
-                                <td>{{ severity_vector.vector.confidentialityImpact|cvss_printer:"high,low,none" }}</td>
-                                <td>{{ severity_vector.vector.integrityImpact|cvss_printer:"high,low,none" }}</td>
-                                <td>{{ severity_vector.vector.availabilityImpact|cvss_printer:"high,low,none" }}</td>
-                              </tr>
+                        <div class="mb-4">
+                            Score: <strong>{{ severity_vector.vector.baseScore }}</strong> - 
+                            Vector: <strong>{{ severity_vector.vector.vectorString }}</strong>
+                            <a href="https://www.first.org/cvss/v3.1/specification-document" target="_blank" class="has-tooltip-multiline has-tooltip-black" data-tooltip="Learn more about CVSS v3.1">
+                                <i class="fa fa-info-circle"></i>
+                            </a> 
+                            - Found at <a href="{{ severity_vector.origin }}" target="_blank">{{ severity_vector.origin }}</a>
+                            <table class="table is-bordered is-striped is-narrow is-hoverable is-fullwidth gray-header-border mt-2">
+                                <tr>
+                                    <th class="has-tooltip-multiline has-tooltip-black" data-tooltip="This metric reflects the context by which vulnerability exploitation is possible.">Attack Vector (AV)</th>
+                                    <th class="has-tooltip-multiline has-tooltip-black" data-tooltip="This metric describes the conditions beyond the attacker's control that must exist.">Attack Complexity (AC)</th>
+                                    <th class="has-tooltip-multiline has-tooltip-black" data-tooltip="This metric describes the level of privileges an attacker must possess.">Privileges Required (PR)</th>
+                                    <th class="has-tooltip-multiline has-tooltip-black" data-tooltip="This metric captures the requirement for user participation.">User Interaction (UI)</th>
+                                    <th class="has-tooltip-multiline has-tooltip-black" data-tooltip="This metric captures whether a vulnerability impacts resources beyond its security scope.">Scope (S)</th>
+                                    <th class="has-tooltip-multiline has-tooltip-black" data-tooltip="This metric measures the impact to confidentiality.">Confidentiality (C)</th>
+                                    <th class="has-tooltip-multiline has-tooltip-black" data-tooltip="This metric measures the impact to integrity.">Integrity (I)</th>
+                                    <th class="has-tooltip-multiline has-tooltip-black" data-tooltip="This metric measures the impact to availability.">Availability (A)</th>
+                                </tr>
+                                <tr>
+                                    <td>{{ severity_vector.vector.attackVector|cvss_printer:"network,adjacent_network,local,physical"}}</td>
+                                    <td>{{ severity_vector.vector.attackComplexity|cvss_printer:"low,high" }}</td>
+                                    <td>{{ severity_vector.vector.privilegesRequired|cvss_printer:"none,low,high" }}</td>
+                                    <td>{{ severity_vector.vector.userInteraction|cvss_printer:"none,required"}}</td>
+                                    <td>{{ severity_vector.vector.scope|cvss_printer:"unchanged,changed" }}</td>
+                                    <td>{{ severity_vector.vector.confidentialityImpact|cvss_printer:"high,low,none" }}</td>
+                                    <td>{{ severity_vector.vector.integrityImpact|cvss_printer:"high,low,none" }}</td>
+                                    <td>{{ severity_vector.vector.availabilityImpact|cvss_printer:"high,low,none" }}</td>
+                                </tr>
                             </table>
+                        </div>
+            
                     {% elif severity_vector.vector.version == '4' %}
-                        Vector: {{ severity_vector.vector.vectorString }} Found at <a href="{{ severity_vector.origin }}" target="_blank">{{ severity_vector.origin }}</a>
-                        <table class="table is-bordered is-striped is-narrow is-hoverable is-fullwidth gray-header-border">
-                              <tr>
-                                <th>Attack Vector (AV)</th>
-                                <th>Attack Complexity (AC)</th>
-                                <th>Attack Requirements (AT)</th>
-                                <th>Privileges Required (PR)</th>
-                                <th>User Interaction (UI)</th>
+                            Score: <strong>{{ severity_vector.vector.baseScore }}</strong> - 
+                            Vector: <strong>{{ severity_vector.vector.vectorString }}</strong>
+                            <a href="https://www.first.org/cvss/v4.0/specification-document" target="_blank" class="has-tooltip-multiline has-tooltip-black" data-tooltip="Learn more about CVSS v4.0">
+                                <i class="fa fa-info-circle"></i>
+                            </a>
+                            - Found at <a href="{{ severity_vector.origin }}" target="_blank">{{ severity_vector.origin }}</a>
+                            <table class="table is-bordered is-striped is-narrow is-hoverable is-fullwidth gray-header-border mt-2">
+                                <tr>
+                                    <th class="has-tooltip-multiline has-tooltip-black" data-tooltip="This metric reflects the context by which vulnerability exploitation is possible.">Attack Vector (AV)</th>
+                                    <th class="has-tooltip-multiline has-tooltip-black" data-tooltip="This metric describes the conditions beyond the attacker's control that must exist.">Attack Complexity (AC)</th>
+                                    <th class="has-tooltip-multiline has-tooltip-black" data-tooltip="This metric describes the attack requirements that must be gathered.">Attack Requirements (AT)</th>
+                                    <th class="has-tooltip-multiline has-tooltip-black" data-tooltip="This metric describes the level of privileges an attacker must possess.">Privileges Required (PR)</th>
+                                    <th class="has-tooltip-multiline has-tooltip-black" data-tooltip="This metric captures the requirement for user participation.">User Interaction (UI)</th>
 
-                                <th>Vulnerable System Impact Confidentiality (VC)</th>
-                                <th>Vulnerable System Impact Integrity (VI)</th>
-                                <th>Vulnerable System Impact Availability (VA)</th>
+                                    <th class="has-tooltip-multiline has-tooltip-black" data-tooltip="This metric measures the confidentiality impact on the vulnerable system.">VS Impact Confidentiality (VC)</th>
+                                    <th class="has-tooltip-multiline has-tooltip-black" data-tooltip="This metric measures the integrity impact on the vulnerable system.">VS Impact Integrity (VI)</th>
+                                    <th class="has-tooltip-multiline has-tooltip-black" data-tooltip="This metric measures the availability impact on the vulnerable system.">VS Impact Availability (VA)</th>
 
-                                <th>Subsequent System Impact Confidentiality (SC)</th>
-                                <th>Subsequent System Impact Integrity (SI)</th>
-                                <th>Subsequent System Impact Availability (SA)</th>
-                              </tr>
-                              <tr>
-                                <td>{{ severity_vector.vector.attackVector|cvss_printer:"network,adjacent,local,physical"}}</td>
-                                <td>{{ severity_vector.vector.attackComplexity|cvss_printer:"low,high" }}</td>
-                                <td>{{ severity_vector.vector.attackRequirement|cvss_printer:"none,present" }}</td>
-                                <td>{{ severity_vector.vector.privilegesRequired|cvss_printer:"none,low,high" }}</td>
-                                <td>{{ severity_vector.vector.userInteraction|cvss_printer:"none,passive,active"}}</td>
+                                    <th class="has-tooltip-multiline has-tooltip-black" data-tooltip="This metric measures the confidentiality impact on the subsequent system.">SS Impact Confidentiality (SC)</th>
+                                    <th class="has-tooltip-multiline has-tooltip-black" data-tooltip="This metric measures the integrity impact on the subsequent system.">SS Impact Integrity (SI)</th>
+                                    <th class="has-tooltip-multiline has-tooltip-black" data-tooltip="This metric measures the availability impact on the subsequent system.">SS Impact Availability (SA)</th>
+                                </tr>
+                                <tr>
+                                    <td>{{ severity_vector.vector.attackVector|cvss_printer:"network,adjacent,local,physical"}}</td>
+                                    <td>{{ severity_vector.vector.attackComplexity|cvss_printer:"low,high" }}</td>
+                                    <td>{{ severity_vector.vector.attackRequirement|cvss_printer:"none,present" }}</td>
+                                    <td>{{ severity_vector.vector.privilegesRequired|cvss_printer:"none,low,high" }}</td>
+                                    <td>{{ severity_vector.vector.userInteraction|cvss_printer:"none,passive,active"}}</td>
 
-                                <td>{{ severity_vector.vector.vulnerableSystemImpactConfidentiality|cvss_printer:"high,low,none" }}</td>
-                                <td>{{ severity_vector.vector.vulnerableSystemImpactIntegrity|cvss_printer:"high,low,none" }}</td>
-                                <td>{{ severity_vector.vector.vulnerableSystemImpactAvailability|cvss_printer:"high,low,none" }}</td>
+                                    <td>{{ severity_vector.vector.vulnerableSystemImpactConfidentiality|cvss_printer:"high,low,none" }}</td>
+                                    <td>{{ severity_vector.vector.vulnerableSystemImpactIntegrity|cvss_printer:"high,low,none" }}</td>
+                                    <td>{{ severity_vector.vector.vulnerableSystemImpactAvailability|cvss_printer:"high,low,none" }}</td>
 
-                                <td>{{ severity_vector.vector.subsequentSystemImpactConfidentiality|cvss_printer:"high,low,none" }}</td>
-                                <td>{{ severity_vector.vector.subsequentSystemImpactIntegrity|cvss_printer:"high,low,none" }}</td>
-                                <td>{{ severity_vector.vector.subsequentSystemImpactAvailability|cvss_printer:"high,low,none" }}</td>
-                              </tr>
+                                    <td>{{ severity_vector.vector.subsequentSystemImpactConfidentiality|cvss_printer:"high,low,none" }}</td>
+                                    <td>{{ severity_vector.vector.subsequentSystemImpactIntegrity|cvss_printer:"high,low,none" }}</td>
+                                    <td>{{ severity_vector.vector.subsequentSystemImpactAvailability|cvss_printer:"high,low,none" }}</td>
+                                </tr>
                             </table>
                     {% elif severity_vector.vector.version == 'ssvc' %}
-                        <hr/>
-                        Vector: {{ severity_vector.vector.vectorString }} Found at <a href="{{ severity_vector.origin }}" target="_blank">{{ severity_vector.origin }}</a>
-                        <hr/>
+                    <hr/>
+                    Vector: {{ severity_vector.vector.vectorString }} Found at <a href="{{ severity_vector.origin }}" target="_blank">{{ severity_vector.origin }}</a>
+                    - Found at <a href="{{ severity_vector.origin }}" target="_blank">{{ severity_vector.origin }}</a>
+                    <hr/>
                     {% endif %}
-                    {% empty %}
-                        <tr>
-                            <td>
-                                There are no known vectors.
-                            </td>
-                        </tr>
-                    {% endfor %}
+                {% empty %}
+                <tr>
+                    <td>
+                        There are no known vectors.
+                    </td>
+                </tr>
+                {% endfor %}
             </div>
 
         

From d25fb799b03bb647f127ed40eceef15c444b9f3c Mon Sep 17 00:00:00 2001
From: Rishi Garg <rishigarg2503@gmail.com>
Date: Fri, 14 Feb 2025 17:43:40 +0530
Subject: [PATCH 2/2] Improved Hovertext for diffrent cvss versions

Signed-off-by: Rishi Garg <rishigarg2503@gmail.com>
---
 .../templates/vulnerability_details.html      | 89 +++++++++++++------
 1 file changed, 61 insertions(+), 28 deletions(-)

diff --git a/vulnerabilities/templates/vulnerability_details.html b/vulnerabilities/templates/vulnerability_details.html
index bcdb01a00..ee2a893df 100644
--- a/vulnerabilities/templates/vulnerability_details.html
+++ b/vulnerabilities/templates/vulnerability_details.html
@@ -418,13 +418,48 @@
                             - Found at <a href="{{ severity_vector.origin }}" target="_blank">{{ severity_vector.origin }}</a>
                             <table class="table is-bordered is-striped is-narrow is-hoverable is-fullwidth gray-header-border mt-2">
                                 <tr>
-                                    <th class="has-tooltip-multiline has-tooltip-black" data-tooltip="This metric measures the current state of exploit techniques or code availability.">Exploitability (E)</th>
-                                    <th class="has-tooltip-multiline has-tooltip-black" data-tooltip="This metric reflects how the vulnerability is exploited.">Access Vector (AV)</th>
-                                    <th class="has-tooltip-multiline has-tooltip-black" data-tooltip="This metric measures the complexity of the attack required.">Access Complexity (AC)</th>
-                                    <th class="has-tooltip-multiline has-tooltip-black" data-tooltip="This metric measures the number of times an attacker must authenticate.">Authentication (Au)</th>
-                                    <th class="has-tooltip-multiline has-tooltip-black" data-tooltip="This metric measures the impact on confidentiality.">Confidentiality Impact (C)</th>
-                                    <th class="has-tooltip-multiline has-tooltip-black" data-tooltip="This metric measures the impact to integrity.">Integrity Impact (I)</th>
-                                    <th class="has-tooltip-multiline has-tooltip-black" data-tooltip="This metric measures the impact to availability.">Availability Impact (A)</th>
+                                    <th class="has-tooltip-multiline has-tooltip-black" 
+                                        data-tooltip="Measures current state of exploit techniques or code availability.
+                                        Unproven: No exploit code available, theoretical only
+                                        Proof-of-Concept: Code exists but needs work by skilled attacker
+                                        Functional: Working code for most situations exists
+                                        High: Automated exploit, works reliably">Exploitability (E)</th>
+                                    
+                                    <th class="has-tooltip-multiline has-tooltip-black" 
+                                        data-tooltip="Reflects how vulnerability is exploited.
+                                        Local: Requires physical/shell access
+                                        Adjacent: Requires access to local network/domain
+                                        Network: Remotely exploitable">Access Vector (AV)</th>
+                                    
+                                    <th class="has-tooltip-multiline has-tooltip-black" 
+                                        data-tooltip="Measures attack complexity after access.
+                                        High: Requires specific elevated privileges/conditions
+                                        Medium: Somewhat specialized access conditions
+                                        Low: No specialized conditions needed">Access Complexity (AC)</th>
+                                    
+                                    <th class="has-tooltip-multiline has-tooltip-black" 
+                                        data-tooltip="Required authentication instances.
+                                        Multiple: Two or more authentications needed
+                                        Single: One instance of authentication
+                                        None: No authentication required">Authentication (Au)</th>
+                                    
+                                    <th class="has-tooltip-multiline has-tooltip-black" 
+                                        data-tooltip="Impact on information access and disclosure.
+                                        None: No confidentiality impact
+                                        Partial: Access to some restricted information
+                                        Complete: Total information disclosure">Confidentiality (C)</th>
+                                    
+                                    <th class="has-tooltip-multiline has-tooltip-black" 
+                                        data-tooltip="Impact on system integrity.
+                                        None: No integrity impact
+                                        Partial: Limited modification possible
+                                        Complete: Total integrity compromise">Integrity (I)</th>
+                                    
+                                    <th class="has-tooltip-multiline has-tooltip-black" 
+                                        data-tooltip="Impact on resource availability.
+                                        None: No availability impact
+                                        Partial: Reduced performance/interruptions
+                                        Complete: Resource completely unavailable">Availability (A)</th>
                                 </tr>
                                 <tr>
                                     <td>{{ severity_vector.vector.exploitability|cvss_printer:"high,functional,unproven,proof_of_concept,not_defined" }}</td>
@@ -437,7 +472,6 @@
                                 </tr>
                             </table>
                         </div>
-            
                     {% elif severity_vector.vector.version == '3.1' or severity_vector.vector.version == '3.0'%}
                         <div class="mb-4">
                             Score: <strong>{{ severity_vector.vector.baseScore }}</strong> - 
@@ -448,14 +482,14 @@
                             - Found at <a href="{{ severity_vector.origin }}" target="_blank">{{ severity_vector.origin }}</a>
                             <table class="table is-bordered is-striped is-narrow is-hoverable is-fullwidth gray-header-border mt-2">
                                 <tr>
-                                    <th class="has-tooltip-multiline has-tooltip-black" data-tooltip="This metric reflects the context by which vulnerability exploitation is possible.">Attack Vector (AV)</th>
-                                    <th class="has-tooltip-multiline has-tooltip-black" data-tooltip="This metric describes the conditions beyond the attacker's control that must exist.">Attack Complexity (AC)</th>
-                                    <th class="has-tooltip-multiline has-tooltip-black" data-tooltip="This metric describes the level of privileges an attacker must possess.">Privileges Required (PR)</th>
-                                    <th class="has-tooltip-multiline has-tooltip-black" data-tooltip="This metric captures the requirement for user participation.">User Interaction (UI)</th>
-                                    <th class="has-tooltip-multiline has-tooltip-black" data-tooltip="This metric captures whether a vulnerability impacts resources beyond its security scope.">Scope (S)</th>
-                                    <th class="has-tooltip-multiline has-tooltip-black" data-tooltip="This metric measures the impact to confidentiality.">Confidentiality (C)</th>
-                                    <th class="has-tooltip-multiline has-tooltip-black" data-tooltip="This metric measures the impact to integrity.">Integrity (I)</th>
-                                    <th class="has-tooltip-multiline has-tooltip-black" data-tooltip="This metric measures the impact to availability.">Availability (A)</th>
+                                    <th class="has-tooltip-multiline has-tooltip-black" data-tooltip="This metric reflects the context by which vulnerability exploitation is possible. The Base Score increases the more remote (logically, and physically) an attacker can be in order to exploit the vulnerable component.">Attack Vector (AV)</th>
+                                    <th class="has-tooltip-multiline has-tooltip-black" data-tooltip="This metric describes the conditions beyond the attacker’s control that must exist in order to exploit the vulnerability. Such conditions may require the collection of more information about the target or computational exceptions. The assessment of this metric excludes any requirements for user interaction in order to exploit the vulnerability. If a specific configuration is required for an attack to succeed, the Base metrics should be scored assuming the vulnerable component is in that configuration.">Attack Complexity (AC)</th>
+                                    <th class="has-tooltip-multiline has-tooltip-black" data-tooltip="This metric describes the level of privileges an attacker must possess before successfully exploiting the vulnerability.">Privileges Required (PR)</th>
+                                    <th class="has-tooltip-multiline has-tooltip-black" data-tooltip="This metric captures the requirement for a user, other than the attacker, to participate in the successful compromise the vulnerable component. This metric determines whether the vulnerability can be exploited solely at the will of the attacker, or whether a separate user (or user-initiated process) must participate in some manner.">User Interaction (UI)</th>
+                                    <th class="has-tooltip-multiline has-tooltip-black" data-tooltip="Does a successful attack impact a component other than the vulnerable component? If so, the Base Score increases and the Confidentiality, Integrity and Authentication metrics should be scored relative to the impacted component.">Scope (S)</th>
+                                    <th class="has-tooltip-multiline has-tooltip-black" data-tooltip="This metric measures the impact to the confidentiality of the information resources managed by a software component due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.">Confidentiality (C)</th>
+                                    <th class="has-tooltip-multiline has-tooltip-black" data-tooltip="This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information.">Integrity (I)</th>
+                                    <th class="has-tooltip-multiline has-tooltip-black" data-tooltip="This metric measures the impact to the availability of the impacted component resulting from a successfully exploited vulnerability. It refers to the loss of availability of the impacted component itself, such as a networked service (e.g., web, database, email). Since availability refers to the accessibility of information resources, attacks that consume network bandwidth, processor cycles, or disk space all impact the availability of an impacted component.">Availability (A)</th>
                                 </tr>
                                 <tr>
                                     <td>{{ severity_vector.vector.attackVector|cvss_printer:"network,adjacent_network,local,physical"}}</td>
@@ -469,7 +503,6 @@
                                 </tr>
                             </table>
                         </div>
-            
                     {% elif severity_vector.vector.version == '4' %}
                             Score: <strong>{{ severity_vector.vector.baseScore }}</strong> - 
                             Vector: <strong>{{ severity_vector.vector.vectorString }}</strong>
@@ -479,19 +512,19 @@
                             - Found at <a href="{{ severity_vector.origin }}" target="_blank">{{ severity_vector.origin }}</a>
                             <table class="table is-bordered is-striped is-narrow is-hoverable is-fullwidth gray-header-border mt-2">
                                 <tr>
-                                    <th class="has-tooltip-multiline has-tooltip-black" data-tooltip="This metric reflects the context by which vulnerability exploitation is possible.">Attack Vector (AV)</th>
-                                    <th class="has-tooltip-multiline has-tooltip-black" data-tooltip="This metric describes the conditions beyond the attacker's control that must exist.">Attack Complexity (AC)</th>
-                                    <th class="has-tooltip-multiline has-tooltip-black" data-tooltip="This metric describes the attack requirements that must be gathered.">Attack Requirements (AT)</th>
-                                    <th class="has-tooltip-multiline has-tooltip-black" data-tooltip="This metric describes the level of privileges an attacker must possess.">Privileges Required (PR)</th>
-                                    <th class="has-tooltip-multiline has-tooltip-black" data-tooltip="This metric captures the requirement for user participation.">User Interaction (UI)</th>
+                                    <th class="has-tooltip-multiline has-tooltip-black" data-tooltip="This metric reflects the context by which vulnerability exploitation is possible. This metric value (and consequently the resulting severity) will be larger the more remote (logically, and physically) an attacker can be in order to exploit the vulnerable system. The assumption is that the number of potential attackers for a vulnerability that could be exploited from across a network is larger than the number of potential attackers that could exploit a vulnerability requiring physical access to a device, and therefore warrants a greater severity.">Attack Vector (AV)</th>
+                                    <th class="has-tooltip-multiline has-tooltip-black" data-tooltip="This metric captures measurable actions that must be taken by the attacker to actively evade or circumvent existing built-in security-enhancing conditions in order to obtain a working exploit. These are conditions whose primary purpose is to increase security and/or increase exploit engineering complexity. A vulnerability exploitable without a target-specific variable has a lower complexity than a vulnerability that would require non-trivial customization. This metric is meant to capture security mechanisms utilized by the vulnerable system.">Attack Complexity (AC)</th>
+                                    <th class="has-tooltip-multiline has-tooltip-black" data-tooltip="This metric captures the prerequisite deployment and execution conditions or variables of the vulnerable system that enable the attack. These differ from security-enhancing techniques/technologies (ref Attack Complexity) as the primary purpose of these conditions is not to explicitly mitigate attacks, but rather, emerge naturally as a consequence of the deployment and execution of the vulnerable system.">Attack Requirements (AT)</th>
+                                    <th class="has-tooltip-multiline has-tooltip-black" data-tooltip="This metric describes the level of privileges an attacker must possess prior to successfully exploiting the vulnerability. The method by which the attacker obtains privileged credentials prior to the attack (e.g., free trial accounts), is outside the scope of this metric. Generally, self-service provisioned accounts do not constitute a privilege requirement if the attacker can grant themselves privileges as part of the attack.">Privileges Required (PR)</th>
+                                    <th class="has-tooltip-multiline has-tooltip-black" data-tooltip="This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable system. This metric determines whether the vulnerability can be exploited solely at the will of the attacker, or whether a separate user (or user-initiated process) must participate in some manner.">User Interaction (UI)</th>
 
-                                    <th class="has-tooltip-multiline has-tooltip-black" data-tooltip="This metric measures the confidentiality impact on the vulnerable system.">VS Impact Confidentiality (VC)</th>
-                                    <th class="has-tooltip-multiline has-tooltip-black" data-tooltip="This metric measures the integrity impact on the vulnerable system.">VS Impact Integrity (VI)</th>
-                                    <th class="has-tooltip-multiline has-tooltip-black" data-tooltip="This metric measures the availability impact on the vulnerable system.">VS Impact Availability (VA)</th>
+                                    <th class="has-tooltip-multiline has-tooltip-black" data-tooltip="This metric measures the impact to the confidentiality of the information managed by the VULNERABLE SYSTEM due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.">VS Impact Confidentiality (VC)</th>
+                                    <th class="has-tooltip-multiline has-tooltip-black" data-tooltip="This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of the VULNERABLE SYSTEM is impacted when an attacker makes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging).">VS Impact Integrity (VI)</th>
+                                    <th class="has-tooltip-multiline has-tooltip-black" data-tooltip="This metric measures the impact to the availability of the VULNERABLE SYSTEM resulting from a successfully exploited vulnerability. While the Confidentiality and Integrity impact metrics apply to the loss of confidentiality or integrity of data (e.g., information, files) used by the system, this metric refers to the loss of availability of the impacted system itself, such as a networked service (e.g., web, database, email). Since availability refers to the accessibility of information resources, attacks that consume network bandwidth, processor cycles, or disk space all impact the availability of a system.">VS Impact Availability (VA)</th>
 
-                                    <th class="has-tooltip-multiline has-tooltip-black" data-tooltip="This metric measures the confidentiality impact on the subsequent system.">SS Impact Confidentiality (SC)</th>
-                                    <th class="has-tooltip-multiline has-tooltip-black" data-tooltip="This metric measures the integrity impact on the subsequent system.">SS Impact Integrity (SI)</th>
-                                    <th class="has-tooltip-multiline has-tooltip-black" data-tooltip="This metric measures the availability impact on the subsequent system.">SS Impact Availability (SA)</th>
+                                    <th class="has-tooltip-multiline has-tooltip-black" data-tooltip="This metric measures the impact to the confidentiality of the information managed by the SUBSEQUENT SYSTEM due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.">SS Impact Confidentiality (SC)</th>
+                                    <th class="has-tooltip-multiline has-tooltip-black" data-tooltip="This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of the SUBSEQUENT SYSTEM is impacted when an attacker makes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging).">SS Impact Integrity (SI)</th>
+                                    <th class="has-tooltip-multiline has-tooltip-black" data-tooltip="This metric measures the impact to the availability of the SUBSEQUENT SYSTEM resulting from a successfully exploited vulnerability. While the Confidentiality and Integrity impact metrics apply to the loss of confidentiality or integrity of data (e.g., information, files) used by the system, this metric refers to the loss of availability of the impacted system itself, such as a networked service (e.g., web, database, email). Since availability refers to the accessibility of information resources, attacks that consume network bandwidth, processor cycles, or disk space all impact the availability of a system.">SS Impact Availability (SA)</th>
                                 </tr>
                                 <tr>
                                     <td>{{ severity_vector.vector.attackVector|cvss_printer:"network,adjacent,local,physical"}}</td>