For information, following this topic I started to provide some documentation in https://dev.xwiki.org/xwiki/bin/view/Community/SecurityPolicy/#HSeverity and to deprecate our old severity matrix.
I also started to document the best practices we defined for computing CVSS in CVSS computation best practice for XSS and Formalize CVSS "Privileges Required" level for XWiki advisories