Improve GHSA-6px3-qxvf-fwv5

advisories/unreviewed/2023/10/GHSA-6px3-qxvf-fwv5/GHSA-6px3-qxvf-fwv5.json

@@ -1,36 +1,62 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-6px3-qxvf-fwv5",
-  "modified": "2023-10-30T12:30:30Z",
+  "modified": "2023-11-08T05:04:17Z",
   "published": "2023-10-23T21:30:59Z",
   "aliases": [
     "CVE-2023-37636"
   ],
+  "summary": "CVE-2023-37636",
   "details": "A stored cross-site scripting (XSS) vulnerability in UVDesk Community Skeleton v1.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Message field when creating a ticket.",
   "severity": [
     {
       "type": "CVSS_V3",
-      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"
+      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"
     }
   ],
   "affected": [
-
+    {
+      "package": {
+        "ecosystem": "Packagist",
+        "name": "uvdesk/community-skeleton"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "1.1.3"
+            }
+          ]
+        }
+      ],
+      "database_specific": {
+        "last_known_affected_version_range": "< 1.1.1"
+      }
+    }
   ],
   "references": [
     {
       "type": "ADVISORY",
       "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37636"
     },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/uvdesk/community-skeleton/"
+    },
     {
       "type": "WEB",
-      "url": "https://www.esecforte.com/cve-2023-37636-stored-cross-site-scripting"
+      "url": "https://www.esecforte.com/cve-2023-37636-stored-cross-site-scripting/"
     }
   ],
   "database_specific": {
     "cwe_ids": [
       "CWE-79"
     ],
-    "severity": null,
+    "severity": "MODERATE",
     "github_reviewed": false,
     "github_reviewed_at": null,
     "nvd_published_at": "2023-10-23T21:15:08Z"