diff --git a/CHANGELOG.md b/CHANGELOG.md
index 2c908ead..181213a7 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,12 +8,15 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 - Standalone script 'PrivateMethodAccess.js'
 - Variant script 'AddUrlParams.js'
 - Extender script 'ScanMonitor.js'
+
 ### Changed
 - Add cautionary note to help and readme.
 - Maintenance and documentation changes.
 
 ### Fixed 
-- Bug in 'Mutliple Security Header Check.js'.
+- The following scripts were not being loaded as scan rules:
+  - active/SSTI.js
+  - passive/Mutliple Security Header Check.js
 
 ## [19] - 2024-07-01
 ### Added
diff --git a/active/SSTI.js b/active/SSTI.js
index 2d3d52a5..c701a3ed 100644
--- a/active/SSTI.js
+++ b/active/SSTI.js
@@ -14,6 +14,7 @@ var log = LoggerManager.getLogger("SSTI");
 var ScanRuleMetadata = Java.type(
   "org.zaproxy.addon.commonlib.scanrules.ScanRuleMetadata"
 );
+var CommonAlertTag = Java.type("org.zaproxy.addon.commonlib.CommonAlertTag");
 
 function getMetadata() {
   return ScanRuleMetadata.fromYaml(`