Publish GHSA-gvcw-x64m-pfcj

advisories/unreviewed/2022/05/GHSA-gvcw-x64m-pfcj/GHSA-gvcw-x64m-pfcj.json → advisories/github-reviewed/2022/05/GHSA-gvcw-x64m-pfcj/GHSA-gvcw-x64m-pfcj.json

@@ -1,11 +1,12 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-gvcw-x64m-pfcj",
-  "modified": "2022-05-14T02:00:29Z",
+  "modified": "2024-01-10T23:40:14Z",
   "published": "2022-05-14T02:00:29Z",
   "aliases": [
     "CVE-2018-11352"
   ],
+  "summary": "Wallabag cross-site scripting (XSS) vulnerability",
   "details": "The Wallabag application 2.2.3 to 2.3.2 is affected by one cross-site scripting (XSS) vulnerability that is stored within the configuration page. This vulnerability enables the execution of a JavaScript payload each time an administrator visits the configuration page. The vulnerability can be exploited with authentication and used to target administrators and steal their sessions.",
   "severity": [
     {
@@ -14,7 +15,25 @@
     }
   ],
   "affected": [
-
+    {
+      "package": {
+        "ecosystem": "Packagist",
+        "name": "wallabag/wallabag"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "2.2.3"
+            },
+            {
+              "fixed": "2.3.3"
+            }
+          ]
+        }
+      ]
+    }
   ],
   "references": [
     {
@@ -23,16 +42,20 @@
     },
     {
       "type": "WEB",
-      "url": "https://www.bishopfox.com/news/2018/09/wallabag-2-2-3-to-2-3-2-stored-cross-site-scripting/"
+      "url": "https://bishopfox.com/blog/wallabag-2-2-3-to-2-3-2-stored-cross-site-scripting"
+    },
+    {
+      "type": "PACKAGE",
+      "url": "https://github.com/wallabag/wallabag"
     }
   ],
   "database_specific": {
     "cwe_ids": [
       "CWE-79"
     ],
     "severity": "MODERATE",
-    "github_reviewed": false,
-    "github_reviewed_at": null,
+    "github_reviewed": true,
+    "github_reviewed_at": "2024-01-10T23:40:14Z",
     "nvd_published_at": "2018-09-21T16:29:00Z"
   }
 }