data/reports: review 1 report

Updates golang/vulndb#5662
Fixes golang/vulndb#5840
Fixes golang/vulndb#5796

Change-Id: I0dd79926b11638d83a129d3a82bbfbe2714ff12f
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/798300
Auto-Submit: Neal Patel <nealpatel@google.com>
Reviewed-by: Roland Shoemaker <roland@golang.org>
LUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
diff --git a/data/osv/GO-2026-5662.json b/data/osv/GO-2026-5662.json
index f7c2d9a..ceefba4 100644
--- a/data/osv/GO-2026-5662.json
+++ b/data/osv/GO-2026-5662.json
@@ -7,8 +7,8 @@
     "CVE-2026-40179",
     "GHSA-vffh-x6r8-xx99"
   ],
-  "summary": "Prometheus has Stored XSS via metric names and label values in Prometheus web UI tooltips and metrics explorer in github.com/prometheus/prometheus",
-  "details": "Prometheus has Stored XSS via metric names and label values in Prometheus web UI tooltips and metrics explorer in github.com/prometheus/prometheus.\n\nNOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.\n\n(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)\n\nThe additional affected modules and versions are: .",
+  "summary": "Prometheus has Stored XSS via metric names and label values in Prometheus web UI in github.com/prometheus/prometheus",
+  "details": "Prometheus has Stored XSS via metric names and label values in Prometheus web UI in github.com/prometheus/prometheus",
   "affected": [
     {
       "package": {
@@ -21,62 +21,6 @@
           "events": [
             {
               "introduced": "0"
-            }
-          ]
-        }
-      ],
-      "ecosystem_specific": {
-        "custom_ranges": [
-          {
-            "type": "ECOSYSTEM",
-            "events": [
-              {
-                "introduced": "3.6.0"
-              }
-            ]
-          }
-        ]
-      }
-    },
-    {
-      "package": {
-        "name": "github.com/prometheus/prometheus",
-        "ecosystem": "Go"
-      },
-      "ranges": [
-        {
-          "type": "SEMVER",
-          "events": [
-            {
-              "introduced": "0"
-            }
-          ]
-        }
-      ],
-      "ecosystem_specific": {
-        "custom_ranges": [
-          {
-            "type": "ECOSYSTEM",
-            "events": [
-              {
-                "introduced": "3.0.0"
-              }
-            ]
-          }
-        ]
-      }
-    },
-    {
-      "package": {
-        "name": "github.com/prometheus/prometheus",
-        "ecosystem": "Go"
-      },
-      "ranges": [
-        {
-          "type": "SEMVER",
-          "events": [
-            {
-              "introduced": "0"
             },
             {
               "fixed": "0.311.2-0.20260410083055-07c6232d159b"
@@ -84,7 +28,27 @@
           ]
         }
       ],
-      "ecosystem_specific": {}
+      "ecosystem_specific": {
+        "custom_ranges": [
+          {
+            "type": "ECOSYSTEM",
+            "events": [
+              {
+                "introduced": "3.0.0"
+              },
+              {
+                "fixed": "3.5.2"
+              },
+              {
+                "introduced": "3.6.0"
+              },
+              {
+                "fixed": "3.11.2"
+              }
+            ]
+          }
+        ]
+      }
     }
   ],
   "references": [
@@ -93,10 +57,6 @@
       "url": "https://github.com/prometheus/prometheus/security/advisories/GHSA-vffh-x6r8-xx99"
     },
     {
-      "type": "ADVISORY",
-      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-40179"
-    },
-    {
       "type": "FIX",
       "url": "https://github.com/prometheus/prometheus/commit/07c6232d159bfb474a077788be184d87adcfac3c"
     },
@@ -107,6 +67,6 @@
   ],
   "database_specific": {
     "url": "https://pkg.go.dev/vuln/GO-2026-5662",
-    "review_status": "UNREVIEWED"
+    "review_status": "REVIEWED"
   }
 }
\ No newline at end of file
diff --git a/data/reports/GO-2026-5662.yaml b/data/reports/GO-2026-5662.yaml
index d42e371..6ce2fda 100644
--- a/data/reports/GO-2026-5662.yaml
+++ b/data/reports/GO-2026-5662.yaml
@@ -1,36 +1,26 @@
 id: GO-2026-5662
 modules:
     - module: github.com/prometheus/prometheus
-      non_go_versions:
-        - introduced: 3.6.0
-      unsupported_versions:
-        - last_affected: 3.11.1
-      vulnerable_at: 0.312.0
-    - module: github.com/prometheus/prometheus
-      non_go_versions:
-        - introduced: 3.0.0
-      unsupported_versions:
-        - last_affected: 3.5.1
-      vulnerable_at: 0.312.0
-    - module: github.com/prometheus/prometheus
       versions:
         - fixed: 0.311.2-0.20260410083055-07c6232d159b
+      non_go_versions:
+        - introduced: 3.0.0
+        - fixed: 3.5.2
+        - introduced: 3.6.0
+        - fixed: 3.11.2
       vulnerable_at: 0.311.1
 summary: |-
     Prometheus has Stored XSS via metric names and label values in Prometheus web UI
-    tooltips and metrics explorer in github.com/prometheus/prometheus
+    in github.com/prometheus/prometheus
 cves:
     - CVE-2026-40179
 ghsas:
     - GHSA-vffh-x6r8-xx99
 references:
     - advisory: https://github.com/prometheus/prometheus/security/advisories/GHSA-vffh-x6r8-xx99
-    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2026-40179
     - fix: https://github.com/prometheus/prometheus/commit/07c6232d159bfb474a077788be184d87adcfac3c
     - fix: https://github.com/prometheus/prometheus/pull/18506
-notes:
-    - fix: 'module merge error: could not merge versions of module github.com/prometheus/prometheus: introduced and fixed versions must alternate'
 source:
     id: GHSA-vffh-x6r8-xx99
     created: 2026-06-25T15:46:19.777474719-04:00
-review_status: UNREVIEWED
+review_status: REVIEWED