From b73c123b8394a8eef45ee4ab9261b933573fb83d Mon Sep 17 00:00:00 2001
From: Michael Hess <mlhess@umich.edu>
Date: Tue, 25 Apr 2023 15:56:32 -0400
Subject: [PATCH] Update CVE-2022-25273.json

---
 2022/25xxx/CVE-2022-25273.json | 65 ++++++++++++++++++++++++++--------
 1 file changed, 51 insertions(+), 14 deletions(-)

diff --git a/2022/25xxx/CVE-2022-25273.json b/2022/25xxx/CVE-2022-25273.json
index a9324646758..af3f92846c7 100644
--- a/2022/25xxx/CVE-2022-25273.json
+++ b/2022/25xxx/CVE-2022-25273.json
@@ -1,18 +1,55 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
-    "CVE_data_meta": {
-        "ID": "CVE-2022-25273",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
-    },
-    "description": {
-        "description_data": [
+  "dataType": "CVE_RECORD",
+  "dataVersion": "5.0",
+  "cveMetadata": {
+    "cveId": "CVE-2022-25273",
+    "assignerOrgId": "00000000-0000-4000-9000-000000000000",
+    "state": "PUBLISHED"
+  },
+  "containers": {
+    "cna": {
+      "providerMetadata": {
+        "orgId": "00000000-0000-4000-9000-000000000000"
+      },
+      "affected": [
+        {
+          "vendor": "Drupal",
+          "product": "core",
+          "versions": [
             {
-                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+              "status": "affected",
+              "version": "9.3",
+              "lessThanOrEqual": "9.3.12",
+              "versionType": "custom"
+            },
+            {
+              "status": "affected",
+              "version": "9.2",
+              "lessThanOrEqual": "9.2.18",
+              "versionType": "custom"
             }
-        ]
+          ],
+          "defaultStatus": "unknown"
+        }
+      ],
+      "descriptions": [
+        {
+          "lang": "en",
+          "value": "Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter critical or sensitive data.\n",
+          "supportingMedia": [
+            {
+              "type": "text/html",
+              "base64": false,
+              "value": "<span style=\"background-color: rgb(255, 255, 255);\">Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter critical or sensitive data.</span><br>"
+            }
+          ]
+        }
+      ],
+      "references": [
+        {
+          "url": "https://www.drupal.org/sa-core-2022-008"
+        }
+      ]
     }
-}
\ No newline at end of file
+  }
+}