Workaround npm bug with inconsistent severity and score

[prabhu]

For CVE-2024-47875, the severity is returned as high but with a score of 10. To fix this issue, we utilize the vector string if available.

{'findings': [{'version': '2.3.6', 'paths': ['dompurify']}], 'found_by': None, 'deleted': None, 'references': '- https://github.com/cure53/DOMPurify/security/advisories/GHSA-gx9m-whjm-85jf\n- https://nvd.nist.gov/vuln/detail/CVE-2024-47875\n- https://github.com/cure53/DOMPurify/commit/0ef5e537a514f904b6aa1d7ad9e749e365d7185f\n- https://github.com/cure53/DOMPurify/commit/6ea80cd8b47640c20f2f230c7920b1f4ce4fdf7a\n- https://github.com/cure53/DOMPurify/blob/0ef5e537a514f904b6aa1d7ad9e749e365d7185f/test/test-suite.js#L2098\n- https://github.com/advisories/GHSA-gx9m-whjm-85jf', 'created': '2024-10-11T17:27:29.000Z', 'id': 1100056, 'npm_advisory_id': None, 'overview': 'DOMpurify was vulnerable to nesting-based mXSS \n\nfixed by [0ef5e537](https://github.com/cure53/DOMPurify/tree/0ef5e537a514f904b6aa1d7ad9e749e365d7185f) (2.x) and\n[merge 943](https://github.com/cure53/DOMPurify/pull/943)\n\nBackporter should be aware of GHSA-mmhx-hmjr-r674 (CVE-2024-45801) when cherry-picking\n\nPOC is avaible under [test](https://github.com/cure53/DOMPurify/blob/0ef5e537a514f904b6aa1d7ad9e749e365d7185f/test/test-suite.js#L2098)', 'reported_by': None, 'title': 'DOMpurify has a nesting-based mXSS', 'metadata': None, 'cves': ['CVE-2024-47875'], 'access': 'public', 'severity': 'high', 'module_name': 'dompurify', 'vulnerable_versions': '<2.5.0', 'github_advisory_id': 'GHSA-gx9m-whjm-85jf', 'recommendation': 'Upgrade to version 2.5.0 or later', 'patched_versions': '>=2.5.0', 'updated': '2024-10-11T17:27:30.000Z', 'cvss': {'score': 10, 'vectorString': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H'}, 'cwe': ['CWE-79'], 'url': 'https://github.com/advisories/GHSA-gx9m-whjm-85jf'}