diff --git a/CHANGELOG b/CHANGELOG
index 73dcf92c0..173f5e1be 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -12,6 +12,9 @@ o [NSE][GH#2183][GH#3239] Script hostmap-crtsh now reports only true subdomains
   necessarily as a suffix). The old behavior can be enabled by setting script
   argument hostmap-crtsh.lax. [Sweekar-cmd, nnposter]
 
+o [NSE] Function url.parse was not properly parsing URLs with query strings
+  but empty paths. [nnposter]
+
 o [NSE][GH#3253] Function stdnse.make_buffer now accepts an extra parameter
   that allows preloading the newly created buffer with data. [nnposter]
 
diff --git a/nselib/url.lua b/nselib/url.lua
index 6db81ed48..a62a8f1b8 100644
--- a/nselib/url.lua
+++ b/nselib/url.lua
@@ -202,6 +202,11 @@ function parse(url, default)
     parsed.fragment = f
     return ""
   end)
+  -- get query string
+  url = string.gsub(url, "%?(.*)", function(q)
+    parsed.query = q
+    return ""
+  end)
   -- get scheme. Lower-case according to RFC 3986 section 3.1.
   url = string.gsub(url, "^(%w[%w.+-]*):",
   function(s) parsed.scheme = string.lower(s); return "" end)
@@ -210,11 +215,6 @@ function parse(url, default)
     parsed.authority = n
     return ""
   end)
-  -- get query stringing
-  url = string.gsub(url, "%?(.*)", function(q)
-    parsed.query = q
-    return ""
-  end)
   -- get params
   url = string.gsub(url, "%;(.*)", function(p)
     parsed.params = p
@@ -509,6 +509,16 @@ local test_urls = {
     },
     _nil = {"scheme", "userinfo", "port", "params", "extension"}
   },
+  { _url = "//example?k1=v1&k2=v2",
+    _res = {
+      authority = "example",
+      host = "example",
+      path = "",
+      query = "k1=v1&k2=v2",
+      is_folder = false,
+    },
+    _nil = {"scheme", "userinfo", "port", "params", "extension", "fragment"}
+  },
 }
 for _, t in ipairs(test_urls) do
   local result = parse(t._url)