How to rate application vulnerability?

I guess this is the same bug you linked to: