diff --git a/java/ql/src/experimental/Security/CWE/CWE-347/Auth0NoVerifier.qhelp b/java/ql/src/experimental/Security/CWE/CWE-347/Auth0NoVerifier.qhelp index 4fc17e68530..b2258c457fe 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-347/Auth0NoVerifier.qhelp +++ b/java/ql/src/experimental/Security/CWE/CWE-347/Auth0NoVerifier.qhelp @@ -2,24 +2,21 @@

- A JSON Web Token (JWT) is used for authenticating and managing users in an application. -

-

- Only Decoding JWTs without checking if they have a valid signature or not can lead to security vulnerabilities. + A JSON Web Token (JWT) is used for authenticating and managing users in an application. It must be verified in order to ensure the JWT is genuine.

- Don't use methods that only decode JWT, Instead use methods that verify the signature of JWT. + Don't use information from a JWT without verifying that JWT.

- The following code you can see an Example from a popular Library. + The following example illustrates secure and insecure use of the Auth0 `java-jwt` library.

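Review bot: the rewrite drops the one actionable sentence this query's name (Auth0NoVerifier) depends on, namely "Don't use methods that only decode JWT, Instead use methods that verify the signature of JWT." The replacement "Don't use information from a JWT without verifying that JWT" no longer tells the reader what the decode-only versus verify distinction looks like in code, so consider keeping a sentence that names the decode-only call as the unsafe pattern and the signature-verifying call as the fix before pointing at the example. Also, `java-jwt` is wrapped in Markdown backticks in the added line "The following example illustrates secure and insecure use of the Auth0 `java-jwt` library."; qhelp is XML and renders backticks literally, so this should use the `<code>` element that the rest of the qhelp files use.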
@@ -27,8 +24,8 @@
  • - The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. + The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication.
  • -
    \ No newline at end of file +
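Review bot: the removed and added reference bullets in this hunk are textually identical ("The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication."), so the only substantive change here is whitespace plus fixing the missing trailing newline flagged by "\ No newline at end of file"; that fix is welcome, but please confirm the indentation change is intentional rather than an editor artifact. While touching this entry, the bullet as shown gives no advisory identifier or link for the ShenyuAdminBootstrap issue, so a reader cannot follow the reference; add one if it is available.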