The Bugcrowd Vulnerability Rating Taxonomy (VRT) has been updated to provide additional granularity for Cross-Site Scripting (XSS) entries, capturing priority variations for XSS within applications with multiple user privilege levels. Understanding the context of both the attacker and victim is essential in determining an appropriate priority value, as situations where a lower privilege user can XSS a higher privilege user have the most severe impact. The update reflects insights from feedback received over a month ago, including new scenarios that led to the implementation, such as Stored XSS with non-admin attacking anyone and Reflected XSS with admin attacking anyone. The VRT is meant to convey a baseline suggestion, and ultimately, the final decision regarding a bug's priority is up to the client.