bugcrowd · adamrdavid · Mar 15, 2021 · Feb 27, 2021 · Mar 15, 2021
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -45,6 +45,8 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/) and this p
 - broken_authentication_and_session_management.weak_login_function.https_not_available_or_http_by_default
 - broken_authentication_and_session_management.weak_login_function.http_and_https_available
 - broken_authentication_and_session_management.weak_login_function.lan_only
+- cross_site_request_forgery_csrf.flash_based.high_impact
+- cross_site_request_forgery_csrf.flash_based.low_impact
 - automotive_security_misconfiguration.infotainment
 - automotive_security_misconfiguration.infotainment.pii_leakage
 - automotive_security_misconfiguration.infotainment.code_execution_can_bus_pivot
@@ -57,6 +59,9 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/) and this p
 ### Changed
  - server_security_misconfiguration.lack_of_security_headers.cache_control_for_a_non_sensitive_page updated remediation advice
  - server_security_misconfiguration.lack_of_security_headers.cache_control_for_a_sensitive_page updated remediation advice
+ - cross_site_scripting_xss.flash_based priority changed from P4 to P5
+ - cross_site_request_forgery_csrf.flash_based priority changed from null to P5 (due to children removal)
+ - using_components_with_known_vulnerabilities.rosetta_flash priority changed from P4 to P5
 
 ## [v1.9](https://github.com/bugcrowd/vulnerability-rating-taxonomy/compare/v1.8...v1.9) - 2020-05-22
 ### Added

diff --git a/deprecated-node-mapping.json b/deprecated-node-mapping.json
@@ -167,6 +167,12 @@
   "broken_authentication_and_session_management.weak_login_function.lan_only": {
     "1.10": "broken_authentication_and_session_management.weak_login_function.over_http"
   },
+  "cross_site_request_forgery_csrf.flash_based.high_impact": {
+    "1.10": "cross_site_request_forgery_csrf.flash_based"
+  },
+  "cross_site_request_forgery_csrf.flash_based.low_impact": {
+    "1.10": "cross_site_request_forgery_csrf.flash_based"
+  },
   "automotive_security_misconfiguration.infotainment": {
     "1.10": "automotive_security_misconfiguration.infotainment_radio_head_unit"
   },

diff --git a/mappings/cvss_v3/cvss_v3.json b/mappings/cvss_v3/cvss_v3.json
@@ -295,7 +295,7 @@
             },
             {
               "id": "flash_based_external_authentication_injection",
-              "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"
+              "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N"
             },
             {
               "id": "email_html_injection",
@@ -582,7 +582,7 @@
         },
         {
           "id": "flash_based",
-          "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N"
+          "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:N"
         },
         {
           "id": "cookie_based",
@@ -680,16 +680,7 @@
         },
         {
           "id": "flash_based",
-          "children": [
-            {
-              "id": "high_impact",
-              "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N"
-            },
-            {
-              "id": "low_impact",
-              "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N"
-            }
-          ]
+          "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N"
         }
       ]
     },
@@ -767,7 +758,7 @@
       "children": [
         {
           "id": "rosetta_flash",
-          "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N"
+          "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:N"
         }
       ]
     },

diff --git a/vulnerability-rating-taxonomy.json b/vulnerability-rating-taxonomy.json
@@ -1120,7 +1120,7 @@
           "id": "flash_based",
           "name": "Flash-Based",
           "type": "subcategory",
-          "priority": 4
+          "priority": 5
         },
         {
           "id": "cookie_based",
@@ -1301,20 +1301,7 @@
           "id": "flash_based",
           "name": "Flash-Based",
           "type": "subcategory",
-          "children": [
-            {
-              "id": "high_impact",
-              "name": "High Impact",
-              "type": "variant",
-              "priority": 4
-            },
-            {
-              "id": "low_impact",
-              "name": "Low Impact",
-              "type": "variant",
-              "priority": 5
-            }
-          ]
+          "priority": 5
         }
       ]
     },
@@ -1627,7 +1614,7 @@
           "id": "rosetta_flash",
           "name": "Rosetta Flash",
           "type": "subcategory",
-          "priority": 4
+          "priority": 5
         },
         {
           "id": "outdated_software_version",