diff --git a/src/main/resources/lessons/bypassrestrictions/documentation/BypassRestrictions_FieldRestrictions.adoc b/src/main/resources/lessons/bypassrestrictions/documentation/BypassRestrictions_FieldRestrictions.adoc
index edc411eda..dc72a0aba 100755
--- a/src/main/resources/lessons/bypassrestrictions/documentation/BypassRestrictions_FieldRestrictions.adoc
+++ b/src/main/resources/lessons/bypassrestrictions/documentation/BypassRestrictions_FieldRestrictions.adoc
@@ -3,4 +3,4 @@ In most browsers, the client has complete or almost complete control over the HT
 of the webpage. They can alter values or restrictions to fit their preference.
 
 === Task
-Send a request that bypasses restrictions of all four of these fields.
+Send a request that bypasses restrictions of all five of these fields.
diff --git a/src/main/resources/lessons/xss/documentation/CrossSiteScripting_content4.adoc b/src/main/resources/lessons/xss/documentation/CrossSiteScripting_content4.adoc
index 4f1f7e377..87d0d3465 100644
--- a/src/main/resources/lessons/xss/documentation/CrossSiteScripting_content4.adoc
+++ b/src/main/resources/lessons/xss/documentation/CrossSiteScripting_content4.adoc
@@ -12,5 +12,5 @@
 * Runs with browser privileges inherited from the user in a browser
 
 === Stored or persistent
-* Malicious content is stored on the server ( in a database, file system, or other objects) and later displayed to users in a web browser
+* Malicious content is stored on the server (in a database, file system, or other objects) and later displayed to users in a web browser
 * Social engineering is not required