From c8ba6968395d3a6343e5383e6220bb6d6fbb4718 Mon Sep 17 00:00:00 2001
From: "advisory-database[bot]" <45398580+advisory-database[bot]@users.noreply.github.com>
Date: Fri, 13 Oct 2023 23:12:52 +0000
Subject: [PATCH] Publish Advisories GHSA-chgc-rqjr-46gg GHSA-2jc6-3fhj-8q84
---
 .../2023/01/GHSA-chgc-rqjr-46gg/GHSA-chgc-rqjr-46gg.json | 9 +++++++--
 .../2023/10/GHSA-2jc6-3fhj-8q84/GHSA-2jc6-3fhj-8q84.json | 4 ++--
 2 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/advisories/github-reviewed/2023/01/GHSA-chgc-rqjr-46gg/GHSA-chgc-rqjr-46gg.json b/advisories/github-reviewed/2023/01/GHSA-chgc-rqjr-46gg/GHSA-chgc-rqjr-46gg.json
index 120af443375b2..cd1ccd3f45278 100644
--- a/advisories/github-reviewed/2023/01/GHSA-chgc-rqjr-46gg/GHSA-chgc-rqjr-46gg.json
+++ b/advisories/github-reviewed/2023/01/GHSA-chgc-rqjr-46gg/GHSA-chgc-rqjr-46gg.json
@@ -1,13 +1,13 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-chgc-rqjr-46gg",
- "modified": "2023-01-25T02:56:08Z",
+ "modified": "2023-10-13T23:12:11Z",
 "published": "2023-01-17T09:30:24Z",
 "aliases": [
 "CVE-2010-10008"
 ],
 "summary": "Cross Site Scripting in simplesamlphp-module-openidprovider",
- "details": "A vulnerability was found in simplesamlphp simplesamlphp-module-openidprovider up to 0.8.x. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file templates/trust.tpl.php. The manipulation of the argument StateID leads to cross site scripting. The attack can be launched remotely. Upgrading to version 0.9.0 is able to address this issue. The name of the patch is 8365d48c863cf06ccf1465cc0a161cefae29d69d. It is recommended to upgrade the affected component. The identifier VDB-218473 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.",
+ "details": "A vulnerability was found in simplesamlphp simplesamlphp-module-openidprovider up to 0.8.x. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file templates/trust.tpl.php. The manipulation of the argument StateID leads to cross site scripting. The attack can be launched remotely. Upgrading to version 0.9.0 is able to address this issue. The name of the patch is 8365d48c863cf06ccf1465cc0a161cefae29d69d. It is recommended to upgrade the affected component. The identifier VDB-218473 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. ",
 "severity": [
 {
 "type": "CVSS_V3",
@@ -20,6 +20,11 @@
 "ecosystem": "Packagist",
 "name": "simplesamlphp/simplesamlphp-module-openidprovider"
 },
+ "ecosystem_specific": {
+ "affected_functions": [
+ ""
+ ]
+ },
 "ranges": [
 {
 "type": "ECOSYSTEM",
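Review bot: The added `ecosystem_specific` block in the second hunk sets `affected_functions` to an array holding one empty string, which names no function. A consumer that uses this field for function-level matching would presumably either match nothing or treat `""` as a real symbol, so the entry carries no information and may mislead. If no affected function is known, leave the block out, or write `"affected_functions": []`. The enclosing `affected` entry starts and ends outside the hunk.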
diff --git a/advisories/github-reviewed/2023/10/GHSA-2jc6-3fhj-8q84/GHSA-2jc6-3fhj-8q84.json b/advisories/github-reviewed/2023/10/GHSA-2jc6-3fhj-8q84/GHSA-2jc6-3fhj-8q84.json
index 15b5b5176d70d..b5d70a11b0818 100644
--- a/advisories/github-reviewed/2023/10/GHSA-2jc6-3fhj-8q84/GHSA-2jc6-3fhj-8q84.json
+++ b/advisories/github-reviewed/2023/10/GHSA-2jc6-3fhj-8q84/GHSA-2jc6-3fhj-8q84.json
@@ -1,7 +1,7 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-2jc6-3fhj-8q84",
- "modified": "2023-10-10T21:10:28Z",
+ "modified": "2023-10-13T23:11:11Z",
 "published": "2023-10-10T21:10:28Z",
 "aliases": [
 "CVE-2022-35950"
@@ -11,7 +11,7 @@
 "severity": [
 {
 "type": "CVSS_V3",
- "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N"
+ "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"
 }
 ],
 "affected": [
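Review bot: The new `score` line lowers the confidentiality metric from `C:H` to `C:L`, and nothing visible in this hunk records which source the revised vector follows. By my calculation the CVSS 3.1 base score moves from 6.9 to 4.8, so the Medium band is unchanged but any policy gating on the numeric score will treat the advisory differently. Confirm the vector against the upstream record for CVE-2022-35950 and make sure the `references` array, which lies outside the hunk, carries the source for the revised rating.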