Better references and description

patch-1
Noam Rathaus 2021-03-24 08:48:11 +02:00
parent 22f32161f9
commit 93bc3a76b1
7 changed files with 23 additions and 4 deletions

View File

@ -4,7 +4,10 @@ info:
name: Node.js Systeminformation Command Injection
author: pikpikcu
severity: high
reference: https://github.com/ForbiddenProgrammer/CVE-2021-21315-PoC
description: The System Information Library for Node.JS (npm package "systeminformation") is an open source collection of functions to retrieve detailed hardware, system and OS information. In systeminformation before version 5.3.1 there is a command injection vulnerability. Problem was fixed in version 5.3.1. As a workaround instead of upgrading, be sure to check or sanitize service parameters that are passed to si.inetLatency(), si.inetChecksite(), si.services(), si.processLoad() ... do only allow strings, reject any arrays. String sanitation works as expected.
reference: |
- https://github.com/ForbiddenProgrammer/CVE-2021-21315-PoC
- https://security.netapp.com/advisory/ntap-20210312-0007/
tags: nodejs,cve,cve2021
requests:
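
Review bot: In the `reference: |` block, the `|` makes the value a literal block scalar, so the two `- https://...` lines are stored as one multi-line string rather than a YAML list; if a list is intended, drop the `|`. The description also carries the advisory's workaround text, including a literal "..." after si.processLoad(); consider keeping the affected-version sentence and leaving the workaround to the references.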

View File

@ -4,6 +4,11 @@ info:
name: FortiWeb v6.3.x-6.2.x Unauthenticated XSS
author: dwisiswant0
severity: medium
description: An improper neutralization of input during web page generation in FortiWeb GUI interface 6.3.0 through 6.3.7 and version before 6.2.4 may allow an unauthenticated, remote attacker to perform a reflected cross site scripting attack (XSS) by injecting malicious payload in different vulnerable API end-points.
reference: |
- https://www.fortiguard.com/psirt/FG-IR-20-122
- https://twitter.com/ptswarm/status/1357316793753362433
tags: cve,cve2021,fortiweb,xss
# FortiWeb GUI interface may allow an unauthenticated, remote attacker
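
Review bot: The trailing comment line `# FortiWeb GUI interface may allow an unauthenticated, remote attacker` now repeats what the new description field says; remove the comment so the text lives in one place. The description gives the affected versions as 6.3.0 through 6.3.7 and before 6.2.4, while the name still reads "v6.3.x-6.2.x"; align the name with it.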

View File

@ -4,6 +4,7 @@ info:
name: Redwood v4.3.4.5-v4.5.3 XSS
author: pikpikcu
severity: medium
description: A cross-site scripting (XSS) issue in the login panel in Redwood Report2Web 4.3.4.5 and 4.5.3 allows remote attackers to inject JavaScript via the signIn.do urll parameter.
reference: https://vict0ni.me/report2web-xss-frame-injection.html
tags: cve,cve2021,redwood,xss
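
Review bot: In the description, "urll parameter" reads like a typo for "url"; if `urll` is the literal parameter name, quote it so it is not "corrected" later, otherwise fix it. The name gives a range, "v4.3.4.5-v4.5.3", where the description lists two versions, "4.3.4.5 and 4.5.3"; pick one form.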

View File

@ -4,7 +4,8 @@ info:
name: LinkedIn Oncall 1.4.0 XSS
author: pikpikcu
severity: medium
reference: https://nvd.nist.gov/vuln/detail/CVE-2021-26722
description: LinkedIn Oncall through 1.4.0 allows reflected XSS via /query because of mishandling of the "No results found for" message in the search bar.
reference: https://github.com/linkedin/oncall/issues/341
tags: cve,cve2021,linkedin,xss
issues: https://github.com/linkedin/oncall/issues/341
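
Review bot: The github.com/linkedin/oncall/issues/341 `reference:` value is the same URL as the `issues:` line two lines below it, so the template carries the issue link twice. If the nvd.nist.gov reference line in this hunk is the one being replaced, the NVD entry is lost as well; keep it in reference next to the issue link, or drop `issues:`.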

View File

@ -4,7 +4,12 @@ info:
name: Jenzabar v9.20-v9.2.2 XSS
author: pikpikcu
severity: medium
reference: https://nvd.nist.gov/vuln/detail/CVE-2021-26723
description: Jenzabar 9.2.x through 9.2.2 allows /ics?tool=search&query= XSS.
reference: |
- http://packetstormsecurity.com/files/161303/Jenzabar-9.2.2-Cross-Site-Scripting.html
- https://gist.github.com/Y0ung-DST/d1b6b65be6248b0ffc2b2f2120deb205
- https://jenzabar.com/blog
- https://y0ungdst.medium.com/xss-in-jenzabar-cve-2021-26723-a0749231328
tags: cve,cve2021,jenzabar,xss
requests:
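
Review bot: In the reference list, https://jenzabar.com/blog points at the vendor's blog rather than anything about this issue; drop it or link the specific post. The packetstormsecurity entry is plain http:// where the others are https://. The description says "9.2.x through 9.2.2" while the name says "v9.20-v9.2.2"; check whether "9.20" should be "9.2.0".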

View File

@ -4,6 +4,7 @@ info:
name: Triconsole 3.75 XSS
author: pikpikcu
severity: medium
description: Triconsole Datepicker Calendar <3.77 is affected by cross-site scripting (XSS) in calendar_form.php. Attackers can read authentication cookies that are still active, which can be used to perform further attacks such as reading browser history, directory listings, and file contents.
reference: https://www.exploit-db.com/exploits/49597
tags: cve,cve2021,triconsole,xss
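
Review bot: The description says versions below 3.77 are affected, but the name line still reads "Triconsole 3.75 XSS"; state the affected range the same way in both. The impact sentence (browser history, directory listings, file contents) is long for a template description; the calendar_form.php XSS and the cookie exposure are enough here.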

View File

@ -4,7 +4,10 @@ info:
name: Lanproxy Directory Traversal
author: pikpikcu
severity: medium
reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3019
description: ffay lanproxy 0.1 allows Directory Traversal to read /../conf/config.properties to obtain credentials for a connection to the intranet.
reference: |
- https://github.com/ffay/lanproxy/commits/master
- https://github.com/maybe-why-not/lanproxy/issues/1
tags: cve,cve2021,lanproxy,lfi
requests:
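
Review bot: https://github.com/ffay/lanproxy/commits/master in the reference list is a moving commit log, not a pointer to a specific change; link a specific commit or leave it out. The hunk also shows a cve.mitre.org reference line above the description; if that line is being removed, keep the CVE record as a third list item.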