Removed pipe (|) character from references, because the structure requires it to be a string slice, not a string

Related nuclei tickets:
* #259 - dynamic key-value field support for template information
* #940 - new infos in template
* #834
* RES-84

cves/2008/CVE-2008-4668.yaml

@@ -5,7 +5,7 @@ info:
   author: daffainfo
   severity: high
   description: Directory traversal vulnerability in the Image Browser (com_imagebrowser) 0.1.5 component for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the folder parameter to index.php.
-  reference: |
+  reference:
     - https://www.exploit-db.com/exploits/6618
     - https://www.cvedetails.com/cve/CVE-2008-4668
   tags: cve,cve2008,joomla,lfi

cves/2008/CVE-2008-4764.yaml

@@ -5,7 +5,7 @@ info:
   author: daffainfo
   severity: high
   description: Directory traversal vulnerability in the eXtplorer module (com_extplorer) 2.0.0 RC2 and earlier in Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter in a show_error action.
-  reference: |
+  reference:
     - https://www.exploit-db.com/exploits/5435
     - https://www.cvedetails.com/cve/CVE-2008-4764
   tags: cve,cve2008,joomla,lfi

cves/2008/CVE-2008-6172.yaml

@@ -5,7 +5,7 @@ info:
   author: daffainfo
   severity: high
   description: Directory traversal vulnerability in captcha/captcha_image.php in the RWCards (com_rwcards) 3.0.11 component for Joomla!, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the img parameter.
-  reference: |
+  reference:
     - https://www.exploit-db.com/exploits/6817
     - https://www.cvedetails.com/cve/CVE-2008-6172
   tags: cve,cve2008,joomla,lfi

cves/2009/CVE-2009-5114.yaml

@@ -5,7 +5,7 @@ info:
   author: daffainfo
   severity: high
   description: Directory traversal vulnerability in wgarcmin.cgi in WebGlimpse 2.18.7 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the DOC parameter.
-  reference: |
+  reference:
     - https://www.exploit-db.com/exploits/36994
     - https://www.cvedetails.com/cve/CVE-2009-5114
   tags: cve,cve2009,lfi

cves/2010/CVE-2010-0943.yaml

@@ -5,7 +5,7 @@ info:
   author: daffainfo
   severity: high
   description: Directory traversal vulnerability in the JA Showcase (com_jashowcase) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter in a jashowcase action to index.php.
-  reference: |
+  reference:
     - https://www.exploit-db.com/exploits/11090
     - https://www.cvedetails.com/cve/CVE-2010-0943
   tags: cve,cve2010,joomla,lfi

cves/2010/CVE-2010-0944.yaml

@@ -5,7 +5,7 @@ info:
   author: daffainfo
   severity: high
   description: Directory traversal vulnerability in the JCollection (com_jcollection) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
-  reference: |
+  reference:
     - https://www.exploit-db.com/exploits/11088
     - https://www.cvedetails.com/cve/CVE-2010-0944
   tags: cve,cve2010,joomla,lfi

cves/2010/CVE-2010-1353.yaml

@@ -5,7 +5,7 @@ info:
   author: daffainfo
   severity: high
   description: Directory traversal vulnerability in the LoginBox Pro (com_loginbox) component for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php.
-  reference: |
+  reference:
     - https://www.exploit-db.com/exploits/12068
     - https://www.cvedetails.com/cve/CVE-2010-1353
   tags: cve,cve2010,joomla,lfi

cves/2010/CVE-2010-1474.yaml

@@ -5,7 +5,7 @@ info:
   author: daffainfo
   severity: high
   description: Directory traversal vulnerability in the Sweety Keeper (com_sweetykeeper) component 1.5.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
-  reference: |
+  reference:
     - https://www.exploit-db.com/exploits/12182
     - https://www.cvedetails.com/cve/CVE-2010-1474
   tags: cve,cve2010,joomla,lfi

cves/2010/CVE-2010-1495.yaml

@@ -5,7 +5,7 @@ info:
   author: daffainfo
   severity: high
   description: Directory traversal vulnerability in the Matamko (com_matamko) component 1.01 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
-  reference: |
+  reference:
     - https://www.exploit-db.com/exploits/12286
     - https://www.cvedetails.com/cve/CVE-2010-1495
   tags: cve,cve2010,joomla,lfi

cves/2010/CVE-2010-1602.yaml

@@ -5,7 +5,7 @@ info:
   author: daffainfo
   severity: high
   description: Directory traversal vulnerability in the ZiMB Comment (com_zimbcomment) component 0.8.1 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
-  reference: |
+  reference:
     - https://www.exploit-db.com/exploits/12283
     - https://www.cvedetails.com/cve/CVE-2010-1602
   tags: cve,cve2010,joomla,lfi

cves/2010/CVE-2010-1657.yaml

@@ -5,7 +5,7 @@ info:
   author: daffainfo
   severity: high
   description: Directory traversal vulnerability in the SmartSite (com_smartsite) component 1.0.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
-  reference: |
+  reference:
     - https://www.exploit-db.com/exploits/12428
     - https://www.cvedetails.com/cve/CVE-2010-1657
   tags: cve,cve2010,joomla,lfi

cves/2010/CVE-2010-1722.yaml

@@ -5,7 +5,7 @@ info:
   author: daffainfo
   severity: high
   description: Directory traversal vulnerability in the Online Market (com_market) component 2.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
-  reference: |
+  reference:
     - https://www.exploit-db.com/exploits/12177
     - https://www.cvedetails.com/cve/CVE-2010-1722
   tags: cve,cve2010,joomla,lfi

cves/2010/CVE-2010-1875.yaml

@@ -5,7 +5,7 @@ info:
   author: daffainfo
   severity: high
   description: Directory traversal vulnerability in the Real Estate Property (com_properties) component 3.1.22-03 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
-  reference: |
+  reference:
     - https://www.exploit-db.com/exploits/11851
     - https://www.cvedetails.com/cve/CVE-2010-1875
   tags: cve,cve2010,joomla,lfi

cves/2010/CVE-2010-1953.yaml

@@ -5,7 +5,7 @@ info:
   author: daffainfo
   severity: high
   description: Directory traversal vulnerability in the iNetLanka Multiple Map (com_multimap) component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
-  reference: |
+  reference:
     - https://www.exploit-db.com/exploits/12288
     - https://www.cvedetails.com/cve/CVE-2010-1953
   tags: cve,cve2010,joomla,lfi

cves/2010/CVE-2010-1955.yaml

@@ -5,7 +5,7 @@ info:
   author: daffainfo
   severity: high
   description: Directory traversal vulnerability in the Deluxe Blog Factory (com_blogfactory) component 1.1.2 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
-  reference: |
+  reference:
     - https://www.exploit-db.com/exploits/12238
     - https://www.cvedetails.com/cve/CVE-2010-1955
   tags: cve,cve2010,joomla,lfi

cves/2010/CVE-2010-1979.yaml

@@ -5,7 +5,7 @@ info:
   author: daffainfo
   severity: high
   description: Directory traversal vulnerability in the Affiliate Datafeeds (com_datafeeds) component build 880 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
-  reference: |
+  reference:
     - https://www.exploit-db.com/exploits/12088
     - https://www.cvedetails.com/cve/CVE-2010-1979
   tags: cve,cve2010,joomla,lfi

cves/2010/CVE-2010-1983.yaml

@@ -5,7 +5,7 @@ info:
   author: daffainfo
   severity: high
   description: Directory traversal vulnerability in the redTWITTER (com_redtwitter) component 1.0.x including 1.0b11 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the view parameter to index.php
-  reference: |
+  reference:
     - https://www.exploit-db.com/exploits/12055
     - https://www.cvedetails.com/cve/CVE-2010-1983
   tags: cve,cve2010,joomla,lfi

cves/2010/CVE-2010-2033.yaml

@@ -5,7 +5,7 @@ info:
   author: daffainfo
   severity: high
   description: Directory traversal vulnerability in the Percha Fields Attach (com_perchafieldsattach) component 1.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
-  reference: |
+  reference:
     - https://packetstormsecurity.com/files/89654/Joomla-Percha-Categories-Tree-0.6-Local-File-Inclusion.html
     - https://www.cvedetails.com/cve/CVE-2010-2033
   tags: cve,cve2010,joomla,lfi

cves/2010/CVE-2010-2259.yaml

@@ -5,7 +5,7 @@ info:
   author: daffainfo
   severity: high
   description: Directory traversal vulnerability in the BF Survey (com_bfsurvey) component for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
-  reference: |
+  reference:
     - https://www.exploit-db.com/exploits/10946
     - https://www.cvedetails.com/cve/CVE-2010-2259
   tags: cve,cve2010,joomla,lfi

cves/2010/CVE-2010-2682.yaml

@@ -5,7 +5,7 @@ info:
   author: daffainfo
   severity: high
   description: Directory traversal vulnerability in the Realtyna Translator (com_realtyna) component 1.0.15 for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller parameter to index.php.
-  reference: |
+  reference:
     - https://www.exploit-db.com/exploits/14017
     - https://www.cvedetails.com/cve/CVE-2010-2682
   tags: cve,cve2010,joomla,lfi

cves/2010/CVE-2010-4617.yaml

@@ -5,7 +5,7 @@ info:
   author: daffainfo
   severity: high
   description: Directory traversal vulnerability in the JotLoader (com_jotloader) component 2.2.1 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in the section parameter to index.php.
-  reference: |
+  reference:
     - https://www.exploit-db.com/exploits/15791
     - https://www.cvedetails.com/cve/CVE-2010-4617
   tags: cve,cve2010,joomla,lfi

cves/2010/CVE-2010-5278.yaml

@@ -5,7 +5,7 @@ info:
   author: daffainfo
   severity: high
   description: Directory traversal vulnerability in manager/controllers/default/resource/tvs.php in MODx Revolution 2.0.2-pl, and possibly earlier, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the class_key parameter.
-  reference: |
+  reference:
     - https://www.exploit-db.com/exploits/34788
     - https://www.cvedetails.com/cve/CVE-2010-5278
   tags: cve,cve2010,lfi

cves/2011/CVE-2011-4336.yaml

@@ -5,7 +5,7 @@ info:
   author: pikpikcu
   severity: medium
   description: Tiki Wiki CMS Groupware 7.0 has XSS via the GET "ajax" parameter to snarf_ajax.php.
-  reference: |
+  reference:
     - https://nvd.nist.gov/vuln/detail/CVE-2011-4336
     - https://www.securityfocus.com/bid/48806/info
     - https://seclists.org/bugtraq/2011/Nov/140

cves/2011/CVE-2011-4804.yaml

@@ -5,7 +5,7 @@ info:
   author: daffainfo
   severity: high
   description: Directory traversal vulnerability in the obSuggest (com_obsuggest) component before 1.8 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php.
-  reference: |
+  reference:
     - https://www.exploit-db.com/exploits/36598
     - https://www.cvedetails.com/cve/CVE-2011-4804
   tags: cve,cve2011,joomla,lfi

cves/2012/CVE-2012-0991.yaml

@@ -5,7 +5,7 @@ info:
   author: daffainfo
   severity: high
   description: Multiple directory traversal vulnerabilities in OpenEMR 4.1.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the formname parameter to (1) contrib/acog/print_form.php; or (2) load_form.php, (3) view_form.php, or (4) trend_form.php in interface/patient_file/encounter.
-  reference: |
+  reference:
     - https://www.exploit-db.com/exploits/36650
     - https://www.cvedetails.com/cve/CVE-2012-0991
   tags: cve,cve2012,lfi,openemr

cves/2012/CVE-2012-4253.yaml

@@ -5,7 +5,7 @@ info:
   author: daffainfo
   severity: high
   description: Multiple directory traversal vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) language parameter to learn/cubemail/install.php or (2) f parameter learn/cubemail/filemanagement.php, or execute arbitrary local files via a .. (dot dot) in the (3) config parameter to learn/cubemail/menu.php.
-  reference: |
+  reference:
     - https://www.exploit-db.com/exploits/37129
     - https://www.cvedetails.com/cve/CVE-2012-4253
   tags: cve,cve2012,lfi

cves/2013/CVE-2013-5979.yaml

@@ -5,7 +5,7 @@ info:
   author: daffainfo
   severity: high
   description: Directory traversal vulnerability in Spring Signage Xibo 1.2.x before 1.2.3 and 1.4.x before 1.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter to index.php.
-  reference: |
+  reference:
     - https://www.exploit-db.com/exploits/26955
     - https://www.cvedetails.com/cve/CVE-2013-5979
     - https://bugs.launchpad.net/xibo/+bug/1093967

cves/2014/CVE-2014-4535.yaml

@@ -4,7 +4,7 @@ info:
   name: Import Legacy Media <= 0.1 - Unauthenticated Reflected Cross-Site Scripting (XSS)
   author: daffainfo
   severity: medium
-  reference: |
+  reference:
     - https://wpscan.com/vulnerability/7fb78d3c-f784-4630-ad92-d33e5de814fd
     - https://nvd.nist.gov/vuln/detail/CVE-2014-4535
   tags: cve,cve2014,wordpress,wp-plugin,xss

cves/2014/CVE-2014-4536.yaml

@@ -4,7 +4,7 @@ info:
   name: Infusionsoft Gravity Forms Add-on < 1.5.7 - Unauthenticated Reflected XSS
   author: daffainfo
   severity: medium
-  reference: |
+  reference:
     - https://wpscan.com/vulnerability/f048b5cc-5379-4c19-9a43-cd8c49c8129f
     - https://nvd.nist.gov/vuln/detail/CVE-2014-4536
   tags: cve,cve2014,wordpress,wp-plugin,xss

cves/2014/CVE-2014-5368.yaml

@@ -5,7 +5,7 @@ info:
   author: daffainfo
   severity: high
   description: Directory traversal vulnerability in the file_get_contents function in downloadfiles/download.php in the WP Content Source Control (wp-source-control) plugin 3.0.0 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter.
-  reference: |
+  reference:
     - https://www.exploit-db.com/exploits/39287
     - https://www.cvedetails.com/cve/CVE-2014-5368
   tags: cve,cve2014,wordpress,wp-plugin,lfi

cves/2014/CVE-2014-8799.yaml

@@ -5,7 +5,7 @@ info:
   author: daffainfo
   severity: high
   description: Directory traversal vulnerability in the dp_img_resize function in php/dp-functions.php in the DukaPress plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter to lib/dp_image.php.
-  reference: |
+  reference:
     - https://www.exploit-db.com/exploits/35346
     - https://www.cvedetails.com/cve/CVE-2014-8799
   tags: cve,cve2014,wordpress,wp-plugin,lfi

cves/2015/CVE-2015-2807.yaml

@@ -4,7 +4,7 @@ info:
   name: Navis DocumentCloud 0.1 - Unauthenticated Reflected Cross-Site Scripting (XSS)
   author: daffainfo
   severity: medium
-  reference: |
+  reference:
     - https://advisories.dxw.com/advisories/publicly-exploitable-xss-in-wordpress-plugin-navis-documentcloud/
     - https://nvd.nist.gov/vuln/detail/CVE-2015-2807
   tags: cve,cve2015,wordpress,wp-plugin,xss

cves/2015/CVE-2015-9414.yaml

@@ -4,7 +4,7 @@ info:
   name: WP Symposium <= 15.8.1 - Unauthenticated Reflected Cross-Site Scripting (XSS)
   author: daffainfo
   severity: medium
-  reference: |
+  reference:
     - https://wpscan.com/vulnerability/2ac2d43f-bf3f-4831-9585-5c5484051095
     - https://nvd.nist.gov/vuln/detail/CVE-2015-9414
   tags: cve,cve2015,wordpress,wp-plugin,xss

cves/2016/CVE-2016-1000128.yaml

@@ -5,7 +5,7 @@ info:
   author: daffainfo
   severity: medium
   description: Reflected XSS in wordpress plugin anti-plagiarism v3.60
-  reference: |
+  reference:
     - http://www.vapidlabs.com/wp/wp_advisory.php?v=161
     - https://wordpress.org/plugins/anti-plagiarism
   tags: cve,cve2016,wordpress,xss,wp-plugin

cves/2016/CVE-2016-1000139.yaml

@@ -4,7 +4,7 @@ info:
   name: Infusionsoft Gravity Forms Add-on <= 1.5.11 - XSS
   author: daffainfo
   severity: medium
-  reference: |
+  reference:
     - https://wpscan.com/vulnerability/0a60039b-a08a-4f51-a540-59f397dceb6a
     - https://nvd.nist.gov/vuln/detail/CVE-2016-1000139
   tags: cve,cve2016,wordpress,wp-plugin,xss

cves/2016/CVE-2016-1000148.yaml

@@ -4,7 +4,7 @@ info:
   name: S3 Video Plugin <= 0.983 - Unauthenticated Reflected Cross-Site Scripting (XSS)
   author: daffainfo
   severity: medium
-  reference: |
+  reference:
     - https://wpscan.com/vulnerability/ead796ed-202a-451f-b041-d39c9cf1fb54
     - https://nvd.nist.gov/vuln/detail/CVE-2016-1000148
   tags: cve,cve2016,wordpress,wp-plugin,xss

cves/2016/CVE-2016-10993.yaml

@@ -4,7 +4,7 @@ info:
   name: ScoreMe Theme - Unauthenticated Reflected Cross-Site Scripting (XSS)
   author: daffainfo
   severity: medium
-  reference: |
+  reference:
     - https://www.vulnerability-lab.com/get_content.php?id=1808
     - https://nvd.nist.gov/vuln/detail/CVE-2016-10993
   tags: cve,cve2016,wordpress,wp-theme,xss

cves/2016/CVE-2016-2389.yaml

@@ -5,7 +5,7 @@ info:
   author: daffainfo
   severity: high
   description: Directory traversal vulnerability in the GetFileList function in the SAP Manufacturing Integration and Intelligence (xMII) component 15.0 for SAP NetWeaver 7.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the Path parameter to /Catalog, aka SAP Security Note 2230978.
-  reference: |
+  reference:
     - https://erpscan.io/advisories/erpscan-16-009-sap-xmii-directory-traversal-vulnerability/
     - https://www.cvedetails.com/cve/CVE-2016-2389
   tags: cve,cve2016,lfi,sap

cves/2017/CVE-2017-18024.yaml

@@ -4,7 +4,7 @@ info:
   name: AvantFAX 3.3.3 XSS
   author: pikpikcu
   severity: medium
-  reference: |
+  reference:
     - https://hackerone.com/reports/963798
     - http://packetstormsecurity.com/files/145776/AvantFAX-3.3.3-Cross-Site-Scripting.html
     - https://nvd.nist.gov/vuln/detail/CVE-2017-18024

cves/2018/CVE-2018-10818.yaml

@@ -5,7 +5,7 @@ info:
   author: gy741
   severity: critical
   description: The vulnerability (CVE-2018-10818) is a pre-auth remote command injection vulnerability found in the majority of LG NAS devices. You cannot simply log in with any random username and password. However, there lies a command injection vulnerability in the “password” parameter.
-  reference: |
+  reference:
     - https://www.vpnmentor.com/blog/critical-vulnerability-found-majority-lg-nas-devices/
     - https://medium.com/@0x616163/lg-n1a1-unauthenticated-remote-command-injection-cve-2018-14839-9d2cf760e247
   tags: cve,cve2018,lg-nas,rce,oob

cves/2018/CVE-2018-16167.yaml

@@ -5,7 +5,7 @@ info:
   author: gy741
   severity: critical
   description: LogonTracer 1.2.0 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.
-  reference: |
+  reference:
     - https://www.exploit-db.com/exploits/49918
     - https://nvd.nist.gov/vuln/detail/CVE-2018-16167
   tags: cve,cve2018,logontracer,rce,oob

cves/2018/CVE-2018-16288.yaml

@@ -5,7 +5,7 @@ info:
   author: daffainfo
   severity: high
   description: LG SuperSign CMS allows reading of arbitrary files via signEzUI/playlist/edit/upload/..%2f URIs.
-  reference: |
+  reference:
     - https://www.exploit-db.com/exploits/45440
     - https://www.cvedetails.com/cve/CVE-2018-16288
   tags: cve,cve2018,lfi

cves/2018/CVE-2018-19458.yaml

@@ -5,7 +5,7 @@ info:
   author: daffainfo
   severity: high
   description: In PHP Proxy 3.0.3, any user can read files from the server without authentication due to an index.php?q=file:/// LFI URI, a different vulnerability than CVE-2018-19246.
-  reference: |
+  reference:
     - https://www.exploit-db.com/exploits/45780
     - https://www.cvedetails.com/cve/CVE-2018-19458
   tags: cve,cve2018,lfi

cves/2018/CVE-2018-20470.yaml

@@ -5,7 +5,7 @@ info:
   author: daffainfo
   severity: high
   description: An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A directory traversal (arbitrary file access) vulnerability exists in the web reports module. This allows an outside attacker to view contents of sensitive files.
-  reference: |
+  reference:
     - https://barriersec.com/2019/06/cve-2018-20470-sahi-pro/
     - https://www.cvedetails.com/cve/CVE-2018-20470
   tags: cve,cve2018,lfi

cves/2019/CVE-2019-12276.yaml

@@ -5,7 +5,7 @@ info:
   author: daffainfo
   severity: high
   description: Path Traversal vulnerability in Controllers/LetsEncryptController.cs in LetsEncryptController in GrandNode 4.40 allows remote, unauthenticated attackers to retrieve arbitrary files on the web server via specially crafted LetsEncrypt/Index?fileName= HTTP requests. A patch for this issue was made on 2019-05-30 in GrandNode 4.40.
-  reference: |
+  reference:
     - https://security401.com/grandnode-path-traversal/
     - https://www.cvedetails.com/cve/CVE-2019-12276
   tags: cve,cve2019,lfi

cves/2019/CVE-2019-16313.yaml

@@ -5,7 +5,7 @@ info:
   author: pikpikcu
   severity: high
   description: ifw8 Router ROM v4.31 allows credential disclosure by reading the action/usermanager.htm HTML source code.
-  reference: |
+  reference:
     - https://github.com/Mr-xn/Penetration_Testing_POC/blob/master/CVE-2019-16313%20%E8%9C%82%E7%BD%91%E4%BA%92%E8%81%94%E4%BC%81%E4%B8%9A%E7%BA%A7%E8%B7%AF%E7%94%B1%E5%99%A8v4.31%E5%AF%86%E7%A0%81%E6%B3%84%E9%9C%B2%E6%BC%8F%E6%B4%9E.md
     - https://nvd.nist.gov/vuln/detail/CVE-2019-16313
   tags: cve,cve2019,lfi

cves/2019/CVE-2019-16332.yaml

@@ -5,7 +5,7 @@ info:
   author: daffainfo
   severity: medium
   description: In the api-bearer-auth plugin before 20190907 for WordPress, the server parameter is not correctly filtered in the swagger-config.yaml.php file, and it is possible to inject JavaScript code, aka XSS.
-  reference: |
+  reference:
     - https://plugins.trac.wordpress.org/changeset/2152730
     - https://wordpress.org/plugins/api-bearer-auth/#developers
   tags: cve,cve2019,wordpress,xss,wp-plugin

cves/2019/CVE-2019-7238.yaml

@@ -5,7 +5,7 @@ info:
   author: pikpikcu
   severity: critical
   tags: cve,cve2019,nexus,rce
-  reference: |
+  reference:
       - https://nvd.nist.gov/vuln/detail/CVE-2019-7238
       - https://github.com/jas502n/CVE-2019-7238
 

cves/2020/CVE-2019-9618.yaml

@@ -4,7 +4,7 @@ info:
   name: GraceMedia Media Player 1.0 - Local File Inclusion
   author: 0x_Akoko
   severity: critical
-  reference: |
+  reference:
       - https://www.exploit-db.com/exploits/46537
       - https://nvd.nist.gov/vuln/detail/CVE-2019-9618
   tags: cve,cve2019,wordpress,wp-plugin,lfi

cves/2020/CVE-2020-25223.yaml

@@ -5,7 +5,7 @@ info:
   author: gy741
   severity: critical
   description: A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11
-  reference: |
+  reference:
     - https://www.atredis.com/blog/2021/8/18/sophos-utm-cve-2020-25223
   tags: cve,cve2020,sophos,rce,oob
 

cves/2020/CVE-2020-35598.yaml

@@ -5,7 +5,7 @@ info:
   author: daffainfo
   severity: high
   description: ACS Advanced Comment System 1.0 is affected by Directory Traversal via an advanced_component_system/index.php?ACS_path=..%2f URI.
-  reference: |
+  reference:
     - https://www.exploit-db.com/exploits/49343
     - https://www.cvedetails.com/cve/CVE-2020-35598
   tags: cve,cve2020,lfi

cves/2020/CVE-2020-6637.yaml

@@ -6,7 +6,7 @@ info:
   severity: high
   description: openSIS Community Edition version 7.3 is vulnerable to SQL injection via the USERNAME parameter of index.php.
   tags: cve,cve2020,sqli,opensis
-  reference: |
+  reference:
     - https://nvd.nist.gov/vuln/detail/CVE-2020-6637
     - https://cinzinga.com/CVE-2020-6637/
 

cves/2021/CVE-2021-20090.yaml

@@ -6,7 +6,7 @@ info:
   severity: critical
   description: |
     A path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 could allow unauthenticated remote attackers to bypass authentication.
-  reference: |
+  reference:
       - https://nvd.nist.gov/vuln/detail/CVE-2021-20090
       - https://www.tenable.com/security/research/tra-2021-13
       - https://medium.com/tenable-techblog/bypassing-authentication-on-arcadyan-routers-with-cve-2021-20090-and-rooting-some-buffalo-ea1dd30980c2

cves/2021/CVE-2021-20091.yaml

@@ -6,7 +6,7 @@ info:
   severity: critical
   description: |
     The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 do not properly sanitize user input. An authenticated remote attacker could leverage this vulnerability to alter device configuration, potentially gaining remote code execution.
-  reference: |
+  reference:
       - https://nvd.nist.gov/vuln/detail/CVE-2021-20091
       - https://www.tenable.com/security/research/tra-2021-13
       - https://medium.com/tenable-techblog/bypassing-authentication-on-arcadyan-routers-with-cve-2021-20090-and-rooting-some-buffalo-ea1dd30980c2

cves/2021/CVE-2021-20092.yaml

@@ -6,7 +6,7 @@ info:
   severity: critical
   description: |
     The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 do not properly restrict access to sensitive information from an unauthorized actor.
-  reference: |
+  reference:
       - https://nvd.nist.gov/vuln/detail/CVE-2021-20091
       - https://www.tenable.com/security/research/tra-2021-13
       - https://medium.com/tenable-techblog/bypassing-authentication-on-arcadyan-routers-with-cve-2021-20090-and-rooting-some-buffalo-ea1dd30980c2

cves/2021/CVE-2021-24320.yaml

@@ -5,7 +5,7 @@ info:
   author: daffainfo
   severity: medium
   description: The Bello - Directory & Listing WordPress theme before 1.6.0 did not properly sanitise and escape its listing_list_view, bt_bb_listing_field_my_lat, bt_bb_listing_field_my_lng, bt_bb_listing_field_distance_value, bt_bb_listing_field_my_lat_default, bt_bb_listing_field_keyword, bt_bb_listing_field_location_autocomplete, bt_bb_listing_field_price_range_from and bt_bb_listing_field_price_range_to parameter in ints listing page, leading to reflected Cross-Site Scripting issues.
-  reference: |
+  reference:
     - https://m0ze.ru/vulnerability/%5B2021-03-21%5D-%5BWordPress%5D-%5BCWE-79%5D-Bello-WordPress-Theme-v1.5.9.txt
     - https://wpscan.com/vulnerability/6b5b42fd-028a-4405-b027-3266058029bb
   tags: cve,cve2021,wordpress,xss,wp-plugin

cves/2021/CVE-2021-29484.yaml

@@ -6,7 +6,7 @@ info:
   description: Ghost is a Node.js CMS. An unused endpoint added during the development of 4.0.0 has left sites vulnerable to untrusted users gaining access to Ghost Admin. Attackers can gain access by getting logged in users to click a link containing malicious code. Users do not need to enter credentials and may not know they've visited a malicious site.
   severity: medium
   tags: cve,cve2021,xss,ghost
-  reference: |
+  reference:
         - https://github.com/TryGhost/Ghost/security/advisories/GHSA-9fgx-q25h-jxrg
         - https://nvd.nist.gov/vuln/detail/CVE-2021-29484
 

cves/2021/CVE-2021-3017.yaml

@@ -5,7 +5,7 @@ info:
   author: pikpikcu
   severity: high
   description: The web interface on Intelbras WIN 300 and WRN 342 devices through 2021-01-04 allows remote attackers to discover credentials by reading the def_wirelesspassword line in the HTML source code.
-  reference: |
+  reference:
     - https://poc.wgpsec.org/PeiQi_Wiki/%E7%BD%91%E7%BB%9C%E8%AE%BE%E5%A4%87%E6%BC%8F%E6%B4%9E/Intelbras/Intelbras%20Wireless%20%E6%9C%AA%E6%8E%88%E6%9D%83%E4%B8%8E%E5%AF%86%E7%A0%81%E6%B3%84%E9%9C%B2%20CVE-2021-3017.html
     - https://nvd.nist.gov/vuln/detail/CVE-2021-3017
   tags: cve,cve2021,exposure,router

cves/2021/CVE-2021-32305.yaml

@@ -5,7 +5,7 @@ info:
   description: WebSVN before 2.6.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the search parameter.
   author: gy741
   severity: critical
-  reference: |
+  reference:
     - https://nvd.nist.gov/vuln/detail/CVE-2021-32305
     - https://packetstormsecurity.com/files/163225/Websvn-2.6.0-Remote-Code-Execution.html
   tags: cve,cve2021,websvn,rce,oob

cves/2021/CVE-2021-33807.yaml

@@ -5,7 +5,7 @@ info:
   author: daffainfo
   severity: high
   description: Cartadis Gespage through 8.2.1 allows Directory Traversal in gespage/doDownloadData and gespage/webapp/doDownloadData.
-  reference: |
+  reference:
     - https://www.on-x.com/sites/default/files/on-x_-_security_advisory_-_gespage_-_cve-2021-33807.pdf
     - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33807
   tags: cve,cve2021,lfi

cves/2021/CVE-2021-34473.yaml

@@ -6,7 +6,7 @@ info:
   severity: critical
   description: |
     Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-31196, CVE-2021-31206.
-  reference: |
+  reference:
         - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34473
         - https://blog.orange.tw/2021/08/proxylogon-a-new-attack-surface-on-ms-exchange-part-1.html
         - https://peterjson.medium.com/reproducing-the-proxyshell-pwn2own-exploit-49743a4ea9a1

cves/2021/CVE-2021-35336.yaml

@@ -5,7 +5,7 @@ info:
   author: Pratik Khalane
   severity: critical
   description: Finding the Tieline Admin Panels with default credentials.
-  reference: |
+  reference:
         - https://pratikkhalane91.medium.com/use-of-default-credentials-to-unauthorised-remote-access-of-internal-panel-of-tieline-c1ffe3b3757c
         - https://nvd.nist.gov/vuln/detail/CVE-2021-35336
   tags: cve,cve2021,tieline,default-login

cves/2021/CVE-2021-36380.yaml

@@ -5,7 +5,7 @@ info:
   description: The /cgi/networkDiag.cgi script directly incorporated user-controllable parameters within a shell command, allowing an attacker to manipulate the resulting command by injecting valid OS command input. The following POST request injects a new command that instructs the server to establish a reverse TCP connection to another system, allowing the establishment of an interactive remote shell session.
   author: gy741
   severity: critical
-  reference: |
+  reference:
     - https://research.nccgroup.com/2021/07/26/technical-advisory-sunhillo-sureline-unauthenticated-os-command-injection-cve-2021-36380/
   tags: cve,cve2021,sureline,rce,oob
 

cves/2021/CVE-2021-37704.yaml

@@ -6,7 +6,7 @@ info:
   severity: low
   description: phpinfo() exposure in unprotected composer vendor folder via phpfastcache/phpfastcache.
   tags: cve,cve2021,exposure,phpfastcache
-  reference: |
+  reference:
     https://github.com/PHPSocialNetwork/phpfastcache/pull/813
     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37704
 

exposures/configs/qdpm-info-leak.yaml

@@ -6,7 +6,7 @@ info:
   name: qdPM 9.2 - DB Connection String and Password Exposure (Unauthenticated)
   severity: high
   tags: qdpm,exposure
-  reference: |
+  reference:
       - https://www.exploit-db.com/exploits/50176
 
 requests:

misconfiguration/akamai-arl-xss.yaml

@@ -5,7 +5,7 @@ info:
   author: pdteam
   severity: medium
   tags: akamai,xss
-  reference: |
+  reference:
       - https://github.com/war-and-code/akamai-arl-hack
       - https://twitter.com/SpiderSec/status/1421176297548435459
       - https://warandcode.com/post/akamai-arl-hack/

misconfiguration/zabbix-dashboards-access.yaml

@@ -5,7 +5,7 @@ info:
   author: pussycat0x,vsh00t
   severity: medium
   description: View dashboard with guest login.
-  reference: |
+  reference:
         - https://www.exploit-db.com/ghdb/5595
         - https://packetstormsecurity.com/files/163657/zabbix5x-sqlxss.txt
   tags: zabbix,unauth

takeovers/announcekit-takeover.yaml

@@ -5,7 +5,7 @@ info:
   author: melbadry9
   severity: high
   tags: takeover,announcekit
-  reference: |
+  reference:
     - https://blog.melbadry9.xyz/dangling-dns/xyz-services/dangling-dns-announcekit
     - https://github.com/EdOverflow/can-i-take-over-xyz/issues/228
 

vulnerabilities/other/beward-ipcamera-disclosure.yaml

@@ -5,7 +5,7 @@ info:
   author: geeknik
   severity: high
   description: The N100 compact color IP camera suffers from an authenticated file disclosure vulnerability. Input passed via the READ.filePath parameter in fileread script is not properly verified before being used to read files. This can be exploited to disclose the contents of arbitrary files via absolute path or via the SendCGICMD API.
-  reference: |
+  reference:
     - https://www.exploit-db.com/exploits/46320
     - https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5511.php
   tags: iot,camera,disclosure

vulnerabilities/other/buffalo-config-injection.yaml

@@ -6,7 +6,7 @@ info:
   severity: critical
   description: |
     The web interfaces of Buffalo WSR-2533DHPL2 firmware version <= 1.02 and WSR-2533DHP3 firmware version <= 1.24 do not properly sanitize user input. An authenticated remote attacker could leverage this vulnerability to alter device configuration, potentially gaining remote code execution.
-  reference: |
+  reference:
       - https://blogs.juniper.net/en-us/security/freshly-disclosed-vulnerability-cve-2021-20090-exploited-in-the-wild
       - https://www.tenable.com/security/research/tra-2021-13
       - https://medium.com/tenable-techblog/bypassing-authentication-on-arcadyan-routers-with-cve-2021-20090-and-rooting-some-buffalo-ea1dd30980c2

vulnerabilities/other/ms-exchange-server-reflected-xss.yaml

@@ -4,7 +4,7 @@ info:
   name: MS Exchange Server XSS
   author: infosecsanyam
   severity: medium
-  reference: |
+  reference:
         - https://www.shodan.io/search?query=http.title%3A%22Outlook%22
         - https://blog.orange.tw/2021/08/proxyoracle-a-new-attack-surface-on-ms-exchange-part-2.html
   tags: miscrsoft,exchange,owa,xss

vulnerabilities/other/opensis-lfi.yaml

@@ -4,7 +4,7 @@ info:
   name: openSIS 5.1 - 'ajax.php' Local File Inclusion
   author: pikpikcu
   severity: high
-  reference: |
+  reference:
     - https://www.exploit-db.com/exploits/38039
     - https://www.securityfocus.com/bid/56598/info
   tags: opensis,lfi

vulnerabilities/other/sar2html-rce.yaml

@@ -5,7 +5,7 @@ info:
   author: gy741
   severity: critical
   description: SAR2HTML could allow a remote attacker to execute arbitrary commands on the system, caused by a commend injection flaw in the index.php script. By sending specially-crafted commands, an attacker could exploit this vulnerability to execute arbitrary commands on the system.
-  reference: |
+  reference:
     - https://www.exploit-db.com/exploits/49344
   tags: sar2html,rce,oob
 

vulnerabilities/wordpress/wp-woocommerce-pdf-invoice-listing.yaml

@@ -5,7 +5,7 @@ info:
   author: mohammedsaneem,sec_hawk
   severity: medium
   description: Allows attacker to view sensitive information such as company invoices
-  reference: |
+  reference:
       - https://twitter.com/sec_hawk/status/1426984595094913025?s=21
       - https://github.com/Mohammedsaneem/wordpress-upload-information-disclosure/blob/main/worpress-upload.yaml
       - https://woocommerce.com/products/pdf-invoices/