diff --git a/site/content/docs/alerts/90011-1.md b/site/content/docs/alerts/90011-1.md
new file mode 100644
index 000000000..c7f637738
--- /dev/null
+++ b/site/content/docs/alerts/90011-1.md
@@ -0,0 +1,27 @@
+---
+title: "Charset Mismatch (Header Versus Meta Content-Type Charset)"
+alertid: 90011-1
+alertindex: 9001101
+alerttype: "Passive"
+alertcount: 4
+status: release
+type: alert
+risk: Informational
+solution: "Force UTF-8 for all text content in both the HTTP header and meta tags in HTML or encoding declarations in XML."
+references:
+ - https://code.google.com/p/browsersec/wiki/Part2#Character_set_handling_and_detection
+other: "There was a charset mismatch between the HTTP Header and the META content-type encoding declarations: [UTF-8] and [ISO-123] do not match."
+cwe: 436
+wasc: 15
+alerttags:
+ - CWE-436
+ - POLICY_PENTEST
+ - POLICY_QA_STD
+ - SYSTEMIC
+code: https://github.com/zaproxy/zap-extensions/blob/main/addOns/pscanrules/src/main/java/org/zaproxy/zap/extension/pscanrules/CharsetMismatchScanRule.java
+linktext: "org/zaproxy/zap/extension/pscanrules/CharsetMismatchScanRule.java"
+help: https://www.zaproxy.org/docs/desktop/addons/passive-scan-rules/#id-90011
+---
+This check identifies responses where the HTTP Content-Type header declares a charset different from the charset defined by the body of the HTML or XML. When there's a charset mismatch between the HTTP header and content body Web browsers can be forced into an undesirable content-sniffing mode to determine the content's correct character set.
+
+An attacker could manipulate content on the page to be interpreted in an encoding of their choice. For example, if an attacker can control content at the beginning of the page, they could inject script using UTF-7 encoded text and manipulate some browsers into interpreting that text.
diff --git a/site/content/docs/alerts/90011-2.md b/site/content/docs/alerts/90011-2.md
new file mode 100644
index 000000000..0ebb83160
--- /dev/null
+++ b/site/content/docs/alerts/90011-2.md
@@ -0,0 +1,27 @@
+---
+title: "Charset Mismatch (Header Versus Meta Charset)"
+alertid: 90011-2
+alertindex: 9001102
+alerttype: "Passive"
+alertcount: 4
+status: release
+type: alert
+risk: Informational
+solution: "Force UTF-8 for all text content in both the HTTP header and meta tags in HTML or encoding declarations in XML."
+references:
+ - https://code.google.com/p/browsersec/wiki/Part2#Character_set_handling_and_detection
+other: "There was a charset mismatch between the HTTP Header and the META charset encoding declaration: [UTF-8] and [ISO-123] do not match."
+cwe: 436
+wasc: 15
+alerttags:
+ - CWE-436
+ - POLICY_PENTEST
+ - POLICY_QA_STD
+ - SYSTEMIC
+code: https://github.com/zaproxy/zap-extensions/blob/main/addOns/pscanrules/src/main/java/org/zaproxy/zap/extension/pscanrules/CharsetMismatchScanRule.java
+linktext: "org/zaproxy/zap/extension/pscanrules/CharsetMismatchScanRule.java"
+help: https://www.zaproxy.org/docs/desktop/addons/passive-scan-rules/#id-90011
+---
+This check identifies responses where the HTTP Content-Type header declares a charset different from the charset defined by the body of the HTML or XML. When there's a charset mismatch between the HTTP header and content body Web browsers can be forced into an undesirable content-sniffing mode to determine the content's correct character set.
+
+An attacker could manipulate content on the page to be interpreted in an encoding of their choice. For example, if an attacker can control content at the beginning of the page, they could inject script using UTF-7 encoded text and manipulate some browsers into interpreting that text.
diff --git a/site/content/docs/alerts/90011-3.md b/site/content/docs/alerts/90011-3.md
new file mode 100644
index 000000000..8079816c0
--- /dev/null
+++ b/site/content/docs/alerts/90011-3.md
@@ -0,0 +1,27 @@
+---
+title: "Charset Mismatch (Meta Charset Versus Meta Content-Type Charset)"
+alertid: 90011-3
+alertindex: 9001103
+alerttype: "Passive"
+alertcount: 4
+status: release
+type: alert
+risk: Informational
+solution: "Force UTF-8 for all text content in both the HTTP header and meta tags in HTML or encoding declarations in XML."
+references:
+ - https://code.google.com/p/browsersec/wiki/Part2#Character_set_handling_and_detection
+other: "There was a charset mismatch between the META charset and the META content-type encoding declaration: [UTF-8] and [ISO-123] do not match."
+cwe: 436
+wasc: 15
+alerttags:
+ - CWE-436
+ - POLICY_PENTEST
+ - POLICY_QA_STD
+ - SYSTEMIC
+code: https://github.com/zaproxy/zap-extensions/blob/main/addOns/pscanrules/src/main/java/org/zaproxy/zap/extension/pscanrules/CharsetMismatchScanRule.java
+linktext: "org/zaproxy/zap/extension/pscanrules/CharsetMismatchScanRule.java"
+help: https://www.zaproxy.org/docs/desktop/addons/passive-scan-rules/#id-90011
+---
+This check identifies responses where the HTTP Content-Type header declares a charset different from the charset defined by the body of the HTML or XML. When there's a charset mismatch between the HTTP header and content body Web browsers can be forced into an undesirable content-sniffing mode to determine the content's correct character set.
+
+An attacker could manipulate content on the page to be interpreted in an encoding of their choice. For example, if an attacker can control content at the beginning of the page, they could inject script using UTF-7 encoded text and manipulate some browsers into interpreting that text.
diff --git a/site/content/docs/alerts/90011-4.md b/site/content/docs/alerts/90011-4.md
new file mode 100644
index 000000000..b6e490ca7
--- /dev/null
+++ b/site/content/docs/alerts/90011-4.md
@@ -0,0 +1,27 @@
+---
+title: "Charset Mismatch"
+alertid: 90011-4
+alertindex: 9001104
+alerttype: "Passive"
+alertcount: 4
+status: release
+type: alert
+risk: Informational
+solution: "Force UTF-8 for all text content in both the HTTP header and meta tags in HTML or encoding declarations in XML."
+references:
+ - https://code.google.com/p/browsersec/wiki/Part2#Character_set_handling_and_detection
+other: "There was a charset mismatch between the HTTP Header and the XML encoding declaration: [UTF-8] and [ISO-123] do not match."
+cwe: 436
+wasc: 15
+alerttags:
+ - CWE-436
+ - POLICY_PENTEST
+ - POLICY_QA_STD
+ - SYSTEMIC
+code: https://github.com/zaproxy/zap-extensions/blob/main/addOns/pscanrules/src/main/java/org/zaproxy/zap/extension/pscanrules/CharsetMismatchScanRule.java
+linktext: "org/zaproxy/zap/extension/pscanrules/CharsetMismatchScanRule.java"
+help: https://www.zaproxy.org/docs/desktop/addons/passive-scan-rules/#id-90011
+---
+This check identifies responses where the HTTP Content-Type header declares a charset different from the charset defined by the body of the HTML or XML. When there's a charset mismatch between the HTTP header and content body Web browsers can be forced into an undesirable content-sniffing mode to determine the content's correct character set.
+
+An attacker could manipulate content on the page to be interpreted in an encoding of their choice. For example, if an attacker can control content at the beginning of the page, they could inject script using UTF-7 encoded text and manipulate some browsers into interpreting that text.
diff --git a/site/content/docs/alerts/90011.md b/site/content/docs/alerts/90011.md
index b34ecfdb0..d685afa59 100644
--- a/site/content/docs/alerts/90011.md
+++ b/site/content/docs/alerts/90011.md
@@ -3,24 +3,21 @@ title: "Charset Mismatch"
 alertid: 90011
 alertindex: 9001100
 alerttype: "Passive"
-alertcount: 1
 status: release
-type: alert
-risk: Informational
-solution: "Force UTF-8 for all text content in both the HTTP header and meta tags in HTML or encoding declarations in XML."
-references:
- - https://code.google.com/p/browsersec/wiki/Part2#Character_set_handling_and_detection
-other: ""
-cwe: 436
-wasc: 15
-alerttags:
- - POLICY_PENTEST
- - POLICY_QA_STD
- - SYSTEMIC
+type: alertset
+alerts:
+ 90011-1:
+ alertid: 90011-1
+ name: "Charset Mismatch (Header Versus Meta Content-Type Charset)"
+ 90011-2:
+ alertid: 90011-2
+ name: "Charset Mismatch (Header Versus Meta Charset)"
+ 90011-3:
+ alertid: 90011-3
+ name: "Charset Mismatch (Meta Charset Versus Meta Content-Type Charset)"
+ 90011-4:
+ alertid: 90011-4
+ name: "Charset Mismatch"
 code: https://github.com/zaproxy/zap-extensions/blob/main/addOns/pscanrules/src/main/java/org/zaproxy/zap/extension/pscanrules/CharsetMismatchScanRule.java
 linktext: "org/zaproxy/zap/extension/pscanrules/CharsetMismatchScanRule.java"
-help: https://www.zaproxy.org/docs/desktop/addons/passive-scan-rules/#id-90011
 ---
-This check identifies responses where the HTTP Content-Type header declares a charset different from the charset defined by the body of the HTML or XML. When there's a charset mismatch between the HTTP header and content body Web browsers can be forced into an undesirable content-sniffing mode to determine the content's correct character set.
-
-An attacker could manipulate content on the page to be interpreted in an encoding of their choice. For example, if an attacker can control content at the beginning of the page, they could inject script using UTF-7 encoded text and manipulate some browsers into interpreting that text.
diff --git a/site/data/alerttags.yml b/site/data/alerttags.yml
index 7509f9140..22ac6b381 100644
--- a/site/data/alerttags.yml
+++ b/site/data/alerttags.yml
@@ -133,6 +133,9 @@ CWE-425: CWE-434: link: https://cwe.mitre.org/data/definitions/434.html +CWE-436: + link: https://cwe.mitre.org/data/definitions/436.html + CWE-472: link: https://cwe.mitre.org/data/definitions/472.html