This video demonstrates the stored XSS vulnerability in Google Analytics by Yoast. The vendor assigned it DREAD score 5 (low). Apparently based on the number, some commentators have characterised the security issue as "minor" and the upgrade as "low priority".
We still think this is a critical vulnerability. Rather than using a number, it's probably more insightful to see what the vulnerability means in the real world.
It's important to patch your system even though the vendor assigned a low number. This isn't one of those "potential scenarios", it's an easy server-side code execution.
More information: http://klikki.fi/adv/yoast_analytics.html