No, not necessarily. CVSS severity levels are great for bulk classification & ...

2026-04-29 09:09:02 UTC

No, not necessarily. CVSS severity levels are great for bulk classification & priorisation but do not always correctly reflect individual findings - pretty much every pentester I know constantly complains about customers wanting cvss claasifications because of this. Additionally I kinda disagree with this CVSS string in this case, given it assumes UI:N which I always find iffy for reflected XSS.

Author Public Key

npub1t9qkvlgeus9htqvhdh0jp0aw9qpz76ph74r8e9hsudma57azvj3qndr0p6

Seen on

wss://relay.momostr.pink

Show more details

Published at

2026-04-29 09:09:02 UTC

Kind type

1 Short Text Note

Event JSON

{ "id": "66ce28ad7c9921833ab5d635637a4467245e30b70b034bab912aa6c0ef974cfb", "pubkey": "5941667d19e40b7581976ddf20bfae28022f6837f5467c96f0e377da7ba264a2", "created_at": 1777453742, "kind": 1, "tags": [ [ "proxy", "https://infosec.exchange/@nyanbinary/116487208488648736", "web" ], [ "p", "2501b38c72e6e3b834df0f336fb0f267cd4413e5b6c8d5c9e29316923d5d8c2a" ], [ "p", "5941667d19e40b7581976ddf20bfae28022f6837f5467c96f0e377da7ba264a2" ], [ "e", "3fa8afe1617fd344cac229e691b86ba1d56f874e800977e0fe599a989893ba93", "", "reply", "166d9992a5228f9682387875d8f20dbdcbebf44f0ee4a5efe82dfc64967d7397" ], [ "p", "86b397086a130510861dd58f255fadeee1c47815185fa3bb628a06b4d6af31ac" ], [ "e", "e9784f499b646fb1ba5c1e3686bb6adfbe0ba269f3da066e16b514851088bb88", "", "root", "86b397086a130510861dd58f255fadeee1c47815185fa3bb628a06b4d6af31ac" ], [ "p", "166d9992a5228f9682387875d8f20dbdcbebf44f0ee4a5efe82dfc64967d7397" ], [ "proxy", "https://infosec.exchange/users/nyanbinary/statuses/116487208488648736", "activitypub" ], [ "L", "pink.momostr" ], [ "l", "pink.momostr.activitypub:https://infosec.exchange/users/nyanbinary/statuses/116487208488648736", "pink.momostr" ], [ "-" ] ], "content": "No, not necessarily. CVSS severity levels are great for bulk classification \u0026 priorisation but do not always correctly reflect individual findings - pretty much every pentester I know constantly complains about customers wanting cvss claasifications because of this. Additionally I kinda disagree with this CVSS string in this case, given it assumes UI:N which I always find iffy for reflected XSS.", "sig": "82abeda49ed1f1c2c4b3b1ec87f7500d7664420eb447f7a822234b3361c884857582c4d0b0c699ca8e588de1d4b23ec57a87a0c47a98a94d5a9c6705fca97f53" }

nyanbinary on Nostr: No, not necessarily. CVSS severity levels are great for bulk classification & ...