Merge pull request #296 from thc202/codeql/address-alerts

Address CodeQL alerts

Author: kingthorin

CHANGELOG.md

@@ -13,6 +13,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 ### Removed
 - standalone/Run report.js - no longer working, the old/deprecated class that it used was removed.
 
+### Fixed
+- active/User defined attacks.js - correctly escape dot character in some evidence strings.
+
 ## [15] - 2022-10-02
 ### Added
 - active/RCE.py

active/User defined attacks.js

@@ -33,8 +33,8 @@ var evidence = [
 	"ADODB.Field error",
 	"An illegal character has been found in the statement",
 	"An unexpected token .* was found",
-	"ASP\.NET is configured to show verbose error messages",
-	"ASP\.NET_SessionId",
+	"ASP\\.NET is configured to show verbose error messages",
+	"ASP\\.NET_SessionId",
 	"Custom Error Message",
 	"database error",
 	"DB2 Driver",