diff --git a/html/main.php b/html/main.php
index 4cc898d6e236a59b135dcf66aa296b31edd4d594..6cc1799e886e126a4948cb65d812019a6ea1f65f 100644
--- a/html/main.php
+++ b/html/main.php
@@ -113,7 +113,7 @@ if (($expired == POSIX_WARN_ABOUT_EXPIRATION) && !session::is_set('POSIX_WARN_AB
 
   // The users password is about to expire soon, display a warning message.
   logging::log('security', 'fusiondirectory', '', [], 'password for user "'.$ui->uid.'" is about to expire');
-  msg_dialog::display(_('Password change'), _('Your password is about to expire, please change your password!'), INFO_DIALOG);
+  msg_dialog::display(_('Password change'), htmlescape(_('Your password is about to expire, please change your password!')), INFO_DIALOG);
   session::set('POSIX_WARN_ABOUT_EXPIRATION__DONE', TRUE);
 } elseif ($expired == POSIX_FORCE_PASSWORD_CHANGE) {
   logging::debug(DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, $expired, 'This user account expired');
diff --git a/include/simpleplugin/class_simplePlugin.inc b/include/simpleplugin/class_simplePlugin.inc
index 666b8b8cbdbfca38f107b80365e22de1b234c1cc..dbf737d70dbdc4499e57587b4328ff34e4ce3f8c 100644
--- a/include/simpleplugin/class_simplePlugin.inc
+++ b/include/simpleplugin/class_simplePlugin.inc
@@ -1570,7 +1570,7 @@ class simplePlugin implements SimpleTab
         $str = implode("\n", $arr);
         logging::debug(DEBUG_SHELL, __LINE__, __FUNCTION__, __FILE__, $command, 'Output: '.$str);
         if (!empty($str) && $config->get_cfg_value('displayHookOutput', 'FALSE') == 'TRUE') {
-          msg_dialog::display('['.get_class($this).' '.strtolower($cmd).'trigger] '.$command, $str, INFO_DIALOG);
+          msg_dialog::display('['.get_class($this).' '.strtolower($cmd).'trigger] '.$command, htmlescape($str), INFO_DIALOG);
         }
       }
     }
diff --git a/plugins/admin/groups/class_groupManagement.inc b/plugins/admin/groups/class_groupManagement.inc
index e1ce7c4ecd33d69657705a04699602d6a3afda63..e6f0591936445bc77ad7deb2760a880238fd7b7a 100644
--- a/plugins/admin/groups/class_groupManagement.inc
+++ b/plugins/admin/groups/class_groupManagement.inc
@@ -192,12 +192,12 @@ class groupManagement extends management
           $error->display();
         } else {
           if (is_array($res) && count($res) > 1) {
-            msg_dialog::display(_('Action triggered'), sprintf(_('Action called without error (results were "%s")'), implode(', ', $res)), INFO_DIALOG);
+            msg_dialog::display(_('Action triggered'), htmlescape(sprintf(_('Action called without error (results were "%s")'), implode(', ', $res))), INFO_DIALOG);
           } else {
             if (is_array($res)) {
               $res = $res[0];
             }
-            msg_dialog::display(_('Action triggered'), sprintf(_('Action called without error (result was "%s")'), $res), INFO_DIALOG);
+            msg_dialog::display(_('Action triggered'), htmlescape(sprintf(_('Action called without error (result was "%s")'), $res)), INFO_DIALOG);
           }
         }
         $this->closeDialogs();