diff --git a/ql/src/experimental/Security/CWE-643/XPathInjection.qhelp b/ql/src/experimental/Security/CWE-643/XPathInjection.qhelp
index 4996733a302..91bd0ca9e49 100644
--- a/ql/src/experimental/Security/CWE-643/XPathInjection.qhelp
+++ b/ql/src/experimental/Security/CWE-643/XPathInjection.qhelp
@@ -15,10 +15,10 @@ If user input must be included in an XPath expression, pre-compile the query and references to include the user input.

-For exmaple, when using the github.com/moovweb/gokogiri API, this can be done by creating a custom subtype of
+For example, when using the github.com/moovweb/gokogiri API, this can be done by creating a custom subtype of
 xpath.VariableScope, and implementing ResolveVariable(string, string) to return the user provided data. This
-custom scope can be specified when calling SearchWithVariables(), EvalXPath() or EvalXPathAsBoolean().
+custom scope can be specified when calling SearchWithVariables(), EvalXPath(), or EvalXPathAsBoolean().

diff --git a/ql/src/experimental/Security/CWE-643/XPathInjection.ql b/ql/src/experimental/Security/CWE-643/XPathInjection.ql
index 2e34aaca344..f24aefa82d1 100644
--- a/ql/src/experimental/Security/CWE-643/XPathInjection.ql
+++ b/ql/src/experimental/Security/CWE-643/XPathInjection.ql
@@ -139,5 +139,5 @@ class GokogiriSink extends XPathInjectionSink {
 from DataFlow::PathNode source, DataFlow::PathNode sink, XPathInjectionConfiguration c
 where c.hasFlowPath(source, sink)
-select sink.getNode(), source, sink, "$@ flows to here and is used in an XPath expression.",
- source.getNode(), "User-provided value"
+select sink.getNode(), source, sink, "$@ flows here and is used in an XPath expression.",
+ source.getNode(), "A user-provided value"