diff --git a/data/release-notes/enterprise-server/3-3/11.yml b/data/release-notes/enterprise-server/3-3/11.yml index c9996b0f20..53969bede5 100644 --- a/data/release-notes/enterprise-server/3-3/11.yml +++ b/data/release-notes/enterprise-server/3-3/11.yml @@ -4,7 +4,10 @@ sections: - "**MEDIUM**: Prevents an attack where a server-side request forgery (SSRF) could potentially force the Subversion (SVN) bridge to execute remote code by injecting arbitrary data into Memcached." - "**MEDIUM**: Prevents an attacker from executing Javascript code by exploiting a cross-site scripting (XSS) vulnerability in dropdown UI elements within the GitHub Enterprise Server web interface." - Updates Grafana to version 7.5.16, which addresses various security vulnerabilities including [CVE-2020-13379](https://github.com/advisories/GHSA-wc9w-wvq2-ffm9) and [CVE-2022-21702](https://github.com/grafana/grafana/security/advisories/GHSA-xc3p-28hw-q24g). - - Packages have been updated to the latest security versions. + - Packages have been updated to the latest security versions. + - "**MEDIUM**: A stored XSS vulnerability was identified in GitHub Enterprise Server that allowed the injection of arbitrary attributes. This injection was blocked by Github's Content Security Policy (CSP). This vulnerability was reported via the GitHub Bug Bounty program and has been assigned [CVE-2022-23733](https://www.cve.org/CVERecord?id=CVE-2022-23733). [Updated: 2022-07-31]" + + bugs: - Fixed an issue where the files inside the artifact zip archives had permissions of 000 when unpacked using an unzip tool. Now the files will have the permissions set to 644, the same way as it works in GitHub.com. - In some cases, the collectd daemon could consume excess memory. diff --git a/data/release-notes/enterprise-server/3-4/6.yml b/data/release-notes/enterprise-server/3-4/6.yml index 9f3dca7441..d089f9e2cf 100644 --- a/data/release-notes/enterprise-server/3-4/6.yml +++ b/data/release-notes/enterprise-server/3-4/6.yml 
@@ -4,7 +4,8 @@ sections: - "**MEDIUM**: Prevents an attack where a server-side request forgery (SSRF) could potentially force the Subversion (SVN) bridge to execute remote code by injecting arbitrary data into Memcached." - "**MEDIUM**: Prevents an attacker from executing Javascript code by exploiting a cross-site scripting (XSS) vulnerability in dropdown UI elements within the GitHub Enterprise Server web interface." - Updates Grafana to version 7.5.16, which addresses various security vulnerabilities including [CVE-2020-13379](https://github.com/advisories/GHSA-wc9w-wvq2-ffm9) and [CVE-2022-21702](https://github.com/grafana/grafana/security/advisories/GHSA-xc3p-28hw-q24g). - - Packages have been updated to the latest security versions. + - Packages have been updated to the latest security versions. + - "**MEDIUM**: A stored XSS vulnerability was identified in GitHub Enterprise Server that allowed the injection of arbitrary attributes. This injection was blocked by Github's Content Security Policy (CSP). This vulnerability was reported via the GitHub Bug Bounty program and has been assigned [CVE-2022-23733](https://www.cve.org/CVERecord?id=CVE-2022-23733). [Updated: 2022-07-31]" bugs: - In some cases, the collectd daemon could consume excess memory. - In some cases, backups of rotated log files could accumulate and consume excess storage. diff --git a/data/release-notes/enterprise-server/3-5/3.yml b/data/release-notes/enterprise-server/3-5/3.yml index 82ab7e4f6b..bcd2dc9d55 100644 --- a/data/release-notes/enterprise-server/3-5/3.yml +++ b/data/release-notes/enterprise-server/3-5/3.yml 
@@ -5,6 +5,8 @@ sections: - "**MEDIUM**: Prevents an attacker from executing Javascript code by exploiting a cross-site scripting (XSS) vulnerability in dropdown UI elements within the GitHub Enterprise Server web interface." - Updates Grafana to version 7.5.16, which addresses various security vulnerabilities including [CVE-2020-13379](https://github.com/advisories/GHSA-wc9w-wvq2-ffm9) and [CVE-2022-21702](https://github.com/grafana/grafana/security/advisories/GHSA-xc3p-28hw-q24g). - Packages have been updated to the latest security versions. + - "**MEDIUM**: A stored XSS vulnerability was identified in GitHub Enterprise Server that allowed the injection of arbitrary attributes. This injection was blocked by Github's Content Security Policy (CSP). This vulnerability was reported via the GitHub Bug Bounty program and has been assigned [CVE-2022-23733](https://www.cve.org/CVERecord?id=CVE-2022-23733). [Updated: 2022-07-31]" + bugs: - In some cases, the collectd daemon could consume excess memory. - In some cases, backups of rotated log files could accumulate and consume excess storage.
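Review bot: In the `data/release-notes/enterprise-server/3-3/11.yml` hunk the line `- Packages have been updated to the latest security versions.` is removed and re-added with no visible difference, and the two bare `+` lines after the new bullet leave two blank lines before `bugs:` where the other two files get one or none. If the remove/re-add is only a trailing-whitespace fix, say so in the commit message; otherwise drop it so the hunk contains only the new bullet, and reduce the two added blank lines to one so the list above `bugs:` is separated the same way in all three files.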
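Review bot: In the `data/release-notes/enterprise-server/3-4/6.yml` hunk the added bullet spells the product as `Github's Content Security Policy (CSP)` while the same line already uses `GitHub Enterprise Server` and `GitHub Bug Bounty`; change it to `GitHub's` here and in the identical bullet added to the 3-3 and 3-5 files. This hunk also repeats the no-op remove/re-add of the `Packages have been updated...` line from the 3-3 file, and unlike 3-5/3.yml it adds no blank line between the new bullet and `bugs:`; pick one spacing and apply it to all three files.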
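Review bot: In the `data/release-notes/enterprise-server/3-5/3.yml` hunk (and the same bullet in the other two files) the sentence "This injection was blocked by Github's Content Security Policy (CSP)" describes the mitigation but not what this release changes, so a reader cannot tell whether there is anything left to exploit on an instance where CSP has been customized. The neighbouring `**MEDIUM**` bullets open with what the release does ("Prevents an attack where ...", "Prevents an attacker from ..."); reword this one in the same form, stating that the attribute injection itself is fixed and that CSP only limited its impact before the fix, and keep the `[Updated: 2022-07-31]` marker and the CVE-2022-23733 link at the end.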