use strict;
...
my $cve_id = 'CVE-2008-3763';
my $query = "/nvd/entry[@id = $cve_id]";