diff --git a/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/CrossSiteScripting.java b/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/CrossSiteScripting.java
index 4082f5967..7a9c4004b 100644
--- a/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/CrossSiteScripting.java
+++ b/main/project/JavaSource/org/owasp/webgoat/lessons/CrossSiteScripting/CrossSiteScripting.java
@@ -180,7 +180,8 @@ public class CrossSiteScripting extends GoatHillsFinancial
 			{
 				instructions = "Stage 1: Execute a Stored Cross Site Scripting (XSS) attack.<br>"
 						+ "As 'Tom', execute a Stored XSS attack against the Street field on the Edit Profile page.  "
-						+ "Verify that 'Jerry' is affected by the attack. <br/>(The passwords for the accounts are the first names.)";
+						+ "Verify that 'Jerry' is affected by the attack. <br/>The passwords for the accounts are the lower-case " 
+						+ "versions of their given names (e.g. the password for Tom Cat is \"tom\").";
 			}
 			else if (STAGE2.equals(stage))
 			{