From cf0e050cc5d6ebb00a032ab408c72fb0c985f1a3 Mon Sep 17 00:00:00 2001
From: GitHub Action <action@github.com>
Date: Fri, 3 Mar 2023 12:09:16 +0000
Subject: [PATCH] Auto Generated CVE annotations [Fri Mar  3 12:09:16 UTC 2023]
 :robot:

---
 cves/2021/CVE-2021-32853.yaml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/cves/2021/CVE-2021-32853.yaml b/cves/2021/CVE-2021-32853.yaml
index 9d7ce2426e..b30a3de2b7 100644
--- a/cves/2021/CVE-2021-32853.yaml
+++ b/cves/2021/CVE-2021-32853.yaml
@@ -3,7 +3,7 @@ id: CVE-2021-32853
 info:
   name: Erxes <0.23.0 - Cross-Site Scripting
   author: dwisiswant0
-  severity: medium
+  severity: critical
   description: Erxes before 0.23.0 contains a cross-site scripting vulnerability. The value of topicID parameter is not escaped and is triggered in the enclosing script tag.
   reference:
     - https://securitylab.github.com/advisories/GHSL-2021-103-erxes/
@@ -11,7 +11,10 @@ info:
     - https://github.com/erxes/erxes/blob/f131b49add72032650d483f044d00658908aaf4a/widgets/server/views/widget.ejs#L14
     - https://github.com/erxes/erxes/blob/f131b49add72032650d483f044d00658908aaf4a/widgets/server/index.ts#L54
   classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
+    cvss-score: 9.6
     cve-id: CVE-2021-32853
+    cwe-id: CWE-79
   metadata:
     shodan-query: http.title:"erxes"
   tags: cve,cve2021,xss,erxes,oss