diff --git a/data/local_vulnerable_files.xml b/data/local_vulnerable_files.xml
index 134456dc..d8dbd0a7 100644
--- a/data/local_vulnerable_files.xml
+++ b/data/local_vulnerable_files.xml
@@ -1,36 +1,30 @@
 <?xml version="1.0" encoding="UTF-8"?>
 
 <!--
-WPScan - WordPress Security Scanner
-Copyright (C) 2011  Ryan Dewhurst AKA ethicalhack3r
-
-This program is free software: you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-ryandewhurst at gmail
-
-  <hash sha1="">
-    <title></title>
-    <file></file>
-    <reference></reference>
-  </hash>
-
-  PS :  Only he following extensions are scanned : js, php, swf, html, htm
-        If you want to add one, modify the variable file_extension_to_scan, line 191 in wpstools.rb
-
+# WPScan - WordPress Security Scanner
+# Copyright (C) 2012-2013
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
 -->
 
-<hashes>
+<!--
+  Only he following extensions are scanned : js, php, swf, html, htm
+  If you want to add one, modify the variable file_extension_to_scan, line 191 in wpstools.rb
+-->
+
+<hashes xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+        xsi:noNamespaceSchemaLocation="local_vulnerable_files.xsd">
 
   <hash sha1="17c372678aafb3bc1a7b37320b5cc1d8af433527">
     <title>XSS in swfupload.swf</title>
@@ -70,4 +64,3 @@ ryandewhurst at gmail
   </hash>
 
 </hashes>
-
diff --git a/data/local_vulnerable_files.xsd b/data/local_vulnerable_files.xsd
new file mode 100644
index 00000000..c5074cf5
--- /dev/null
+++ b/data/local_vulnerable_files.xsd
@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!--
+# WPScan - WordPress Security Scanner
+# Copyright (C) 2012-2013
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+-->
+
+<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
+
+  <xs:simpleType name="stringtype">
+    <xs:restriction base="xs:string"/>
+  </xs:simpleType>
+
+  <xs:simpleType name="uritype">
+    <xs:restriction base="xs:anyURI"/>
+  </xs:simpleType>
+
+  <xs:simpleType name="sha1type">
+    <xs:restriction base="stringtype">
+      <xs:pattern value="[0-9a-f]{40}"/>
+    </xs:restriction>
+  </xs:simpleType>
+
+  <xs:complexType name="hashtype">
+    <xs:sequence minOccurs="1" maxOccurs="1">
+      <xs:element name="title" type="stringtype"/>
+      <xs:element name="file" type="stringtype"/>
+      <xs:element name="reference" type="uritype"/>
+    </xs:sequence>
+    <xs:attribute type="sha1type" name="sha1" use="required"/>
+  </xs:complexType>
+
+  <xs:element name="hashes">
+    <xs:complexType>
+      <xs:sequence>
+        <xs:element name="hash" type="hashtype" maxOccurs="unbounded" minOccurs="1"/>
+      </xs:sequence>
+    </xs:complexType>
+  </xs:element>
+
+</xs:schema>
\ No newline at end of file
diff --git a/data/vuln.xsd b/data/vuln.xsd
index e7eaa5f2..ea093fe2 100644
--- a/data/vuln.xsd
+++ b/data/vuln.xsd
@@ -24,6 +24,10 @@
     <xs:restriction base="xs:string"/>
   </xs:simpleType>
 
+  <xs:simpleType name="uritype">
+    <xs:restriction base="xs:anyURI"/>
+  </xs:simpleType>
+
   <xs:simpleType name="typetype">
     <xs:restriction base="xs:string">
       <xs:enumeration value="SQLI"/>
@@ -58,7 +62,7 @@
   <xs:complexType name="vulntype">
     <xs:sequence minOccurs="1" maxOccurs="1">
       <xs:element name="title" type="stringtype"/>
-      <xs:element name="reference" type="stringtype" maxOccurs="unbounded" minOccurs="1"/>
+      <xs:element name="reference" type="uritype" maxOccurs="unbounded" minOccurs="1"/>
       <xs:element name="metasploit" type="stringtype" maxOccurs="unbounded" minOccurs="0"/>
       <xs:element name="type" type="typetype"/>
     </xs:sequence>
diff --git a/lib/common_helper.rb b/lib/common_helper.rb
index cbeb52fc..949b791d 100644
--- a/lib/common_helper.rb
+++ b/lib/common_helper.rb
@@ -43,6 +43,7 @@ WP_VERSIONS_FILE    = DATA_DIR + "/wp_versions.xml"
 LOCAL_FILES_FILE    = DATA_DIR + "/local_vulnerable_files.xml"
 VULNS_XSD           = DATA_DIR + "/vuln.xsd"
 WP_VERSIONS_XSD     = DATA_DIR + "/wp_versions.xsd"
+LOCAL_FILES_XSD     = DATA_DIR + "/local_vulnerable_files.xsd"
 
 WPSCAN_VERSION       = "2.0"
 
diff --git a/spec/xml_checks_spec.rb b/spec/xml_checks_spec.rb
index 30b80440..b5db794e 100644
--- a/spec/xml_checks_spec.rb
+++ b/spec/xml_checks_spec.rb
@@ -23,20 +23,15 @@ describe "XML checks" do
   after :each do
     FileTest.exists?(@file).should be_true
 
-    if @xsd
-      xsd = Nokogiri::XML::Schema(File.read(@xsd))
-      doc = Nokogiri::XML(File.read(@file))
+    xsd = Nokogiri::XML::Schema(File.read(@xsd))
+    doc = Nokogiri::XML(File.read(@file))
 
-      errors = []
-      xsd.validate(doc).each do |error|
-        errors << error.message
-      end
-
-      errors.should === []
-    else
-      expect { Nokogiri::XML(File.read(@file)) { |config| config.strict } }.to_not raise_error
+    errors = []
+    xsd.validate(doc).each do |error|
+      errors << error.message
     end
 
+    errors.should === []
   end
 
   it "check plugin_vulns.xml for syntax errors" do
@@ -61,6 +56,6 @@ describe "XML checks" do
 
   it "check local_vulnerable_files.xml for syntax errors" do
     @file = LOCAL_FILES_FILE
-    @xsd = nil
+    @xsd = LOCAL_FILES_XSD
   end
 end
\ No newline at end of file