diff --git a/views/vulnerabilities/a1_injection/description.ejs b/views/vulnerabilities/a1_injection/description.ejs
index f2ab2fd7..83cc09ab 100644
--- a/views/vulnerabilities/a1_injection/description.ejs
+++ b/views/vulnerabilities/a1_injection/description.ejs
@@ -11,9 +11,11 @@ String query = "SELECT * FROM accounts WHERE custID='" + request.getParameter("i
 The attacker modifies the `id` parameter value in her browser to send following:
 ```
-' or '1'='1. For example:
+' or '1'='1
 ```
+For example:
+
 ```
 http://example.com/app/accountView?id=' or '1'='1
 ```
diff --git a/views/vulnerabilities/a1_injection/reference.ejs b/views/vulnerabilities/a1_injection/reference.ejs
index 267dbdab..5d83eb98 100644
--- a/views/vulnerabilities/a1_injection/reference.ejs
+++ b/views/vulnerabilities/a1_injection/reference.ejs
@@ -1,4 +1,4 @@