Timmy
Closing the issue since the PR for this has been submitted: [#367](https://github.com/bugcrowd/vulnerability-rating-taxonomy/pull/367)
Thank you for this suggestion. We will definitely address this with the next release!
Hi fennellkyle, I agree with you partly, that PE and BAC are related however they are not the same and cannot be considered as a subcategory of one another because:...
P.S >AuthZ which allows a lower-priv user access to higher-priv data/operations based on my comment you can see that what you've mentioned is a BAC issue.
Based on @p3t3rr4bb1t's comment, if you add PE as a sub-category of BAC, then XSS could also be considered as a sub-category of BAC, right? The way I understand this...
Imported to intermediate branch.
merged into the intermediate branch.
As per discussion, I've made changes and this is how it looks now: P2 - Server Security Misconfiguration - Server-Side Request Forgery (SSRF) - Internal High Impact P3 - Server...
merged to the intermediate branch.
Imported to intermediate branch.