Add Flash Based CSRF

CHANGELOG.md

@@ -18,6 +18,8 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/) and this p
 - mobile_security_misconfiguration.auto_backup_allowed_by_default
 - server_security_misconfiguration.no_rate_limiting_on_form.change_password
 - server_side_injection.content_spoofing.impersonation_via_broken_link_hijacking
+- cross_site_request_forgery_csrf.flash_based.high_impact
+- cross_site_request_forgery_csrf.flash_based.low_impact
 
 ### Removed
 - sensitive_data_exposure.critically_sensitive_data.password_disclosure

mappings/cvss_v3/cvss_v3.json

@@ -681,6 +681,19 @@
         {
           "id": "csrf_token_not_unique_per_request",
           "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N"
+        },
+        {
+          "id": "flash_based",
+          "children": [
+            {
+              "id": "high_impact",
+              "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N"
+            },
+            {
+              "id": "low_impact",
+              "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"
+            }
+          ]
         }
       ]
     },

vulnerability-rating-taxonomy.json

@@ -1302,6 +1302,25 @@
           "name": "CSRF Token Not Unique Per Request",
           "type": "subcategory",
           "priority": 5
+        },
+        {
+          "id": "flash_based",
+          "name": "Flash-Based",
+          "type": "subcategory",
+          "children": [
+            {
+              "id": "high_impact",
+              "name": "High Impact",
+              "type": "variant",
+              "priority": 4
+            },
+            {
+              "id": "low_impact",
+              "name": "Low Impact",
+              "type": "variant",
+              "priority": 5
+            }
+          ]
         }
       ]
     },