What is The Common Vulnerability Scoring System (CVSS)

The Common Vulnerability Scoring System (CVSS; www.first.org/cvss) is a joint initiative started by CERT/CC, Cisco, DHS/MITRE, eBay, Internet Security Systems, Microsoft, Qualys, and Symantec to assign universal numeric risk ratings on reported vulnerabilities. It uses a fairly flexible approach toward classification and numeric risk weight assignment

CVSS scoring is based on a number of metrics explained fully at www.first.org/cvss/cvssguide.html