diff --git a/javascript/ql/src/Security/CWE-116/IncompleteMultiCharacterSanitization.qhelp b/javascript/ql/src/Security/CWE-116/IncompleteMultiCharacterSanitization.qhelp
index 63f28578ec1e..b5ef7781f361 100644
--- a/javascript/ql/src/Security/CWE-116/IncompleteMultiCharacterSanitization.qhelp
+++ b/javascript/ql/src/Security/CWE-116/IncompleteMultiCharacterSanitization.qhelp
@@ -108,7 +108,7 @@ str.replace(/\.\.\//g, "");
 </sample>
 
 <p>
-The regular expression attempts to strip out all occurences of <code>/../</code> from <code>str</code>.
+The regular expression attempts to strip out all occurrences of <code>/../</code> from <code>str</code>.
 This will not work as expected: for the string <code>/./.././</code>, for example, it will remove the single
 occurrence of <code>/../</code> in the middle, but the remainder of the string then becomes
 <code>/../</code>, which is another instance of the substring we were trying to remove.