From ca97dacc0c8a3150dc4d46d75ada07161cf9e100 Mon Sep 17 00:00:00 2001
From: nullPointerExcepTed
Date: Fri, 6 Feb 2026 12:18:02 +0800
Subject: [PATCH] Update GHSA-632q-77qj-c89q.json
---
 .../2024/10/GHSA-632q-77qj-c89q/GHSA-632q-77qj-c89q.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/advisories/github-reviewed/2024/10/GHSA-632q-77qj-c89q/GHSA-632q-77qj-c89q.json b/advisories/github-reviewed/2024/10/GHSA-632q-77qj-c89q/GHSA-632q-77qj-c89q.json
index 258aa13ca0b72..d198e67485273 100644
--- a/advisories/github-reviewed/2024/10/GHSA-632q-77qj-c89q/GHSA-632q-77qj-c89q.json
+++ b/advisories/github-reviewed/2024/10/GHSA-632q-77qj-c89q/GHSA-632q-77qj-c89q.json
@@ -7,7 +7,7 @@
 "CVE-2024-28710"
 ],
 "summary": "LimeSurvey Cross Site Scripting vulnerability",
- "details": "Cross Site Scripting vulnerability in LimeSurvey before 6.5.0+240319 allows a remote attacker to execute arbitrary code via a lack of input validation and output encoding in the Alert Widget's message component.",
+ "details": "Cross Site Scripting vulnerability in LimeSurvey before 6.5.0+240319 allows a remote attacker to execute arbitrary code via a lack of input validation and output encoding in the Alert Widget's message component. NOTE: this vulnerability exists because of an incomplete fix for CVE-2024-28709. This vulnerability addresses the same class of XSS (missing `htmlentities()` encoding) that was partially fixed in [CVE-2024-28709](https://github.com/advisories/GHSA-c7xm-rwqj-pgcj), which only covered survey title/comment fields but not the Alert Widget.",
 "severity": [
 {
 "type": "CVSS_V3",
@@ -70,4 +70,4 @@
 "github_reviewed_at": "2024-10-07T19:01:59Z",
 "nvd_published_at": "2024-10-07T16:15:05Z"
 }
-}
\ No newline at end of file
+}
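Review bot: The text added to `details` in the first hunk states the link to CVE-2024-28709 twice, and "This vulnerability addresses the same class of XSS" is misworded, since a fix addresses something and a vulnerability does not. One sentence would carry it, e.g. `NOTE: this is the same class of XSS (missing htmlentities() encoding) as CVE-2024-28709, whose fix covered the survey title/comment fields but not the Alert Widget.` The "incomplete fix" claim is not backed by anything visible in this hunk, and the `references` array lies outside it, so please confirm it links the upstream commit or release note that establishes the relationship. An incomplete-fix relationship also implies that the CVE-2024-28709 fix shipped before the `6.5.0+240319` bound stated here, which should be checked against that advisory's fixed version before downstream scanners and triage tools start repeating the claim.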