diff --git a/htdocs/comm/mailing/cibles.php b/htdocs/comm/mailing/cibles.php index 95639a25997..aaf100d191a 100644 --- a/htdocs/comm/mailing/cibles.php +++ b/htdocs/comm/mailing/cibles.php @@ -640,10 +640,10 @@ if ($object->fetch($id) >= 0) { $obj = $db->fetch_object($resql); print ''; - print ''.img_picto('$obj->email', 'email', 'class="paddingright"').$obj->email.''; - print ''.$obj->lastname.''; - print ''.$obj->firstname.''; - print ''.$obj->other.''; + print ''.img_picto('$obj->email', 'email', 'class="paddingright"').dol_escape_htmltag($obj->email).''; + print ''.dol_escape_htmltag($obj->lastname).''; + print ''.dol_escape_htmltag($obj->firstname).''; + print ''.dol_escape_htmltag($obj->other).''; print ''; if (empty($obj->source_id) || empty($obj->source_type)) { print empty($obj->source_url) ? '' : $obj->source_url; // For backward compatibility diff --git a/htdocs/core/modules/mailings/contacts1.modules.php b/htdocs/core/modules/mailings/contacts1.modules.php index e3e349d2a17..decbc81716b 100644 --- a/htdocs/core/modules/mailings/contacts1.modules.php +++ b/htdocs/core/modules/mailings/contacts1.modules.php @@ -310,7 +310,7 @@ class mailing_contacts1 extends MailingTargets // Choose language require_once DOL_DOCUMENT_ROOT.'/core/class/html.formadmin.class.php'; $formadmin = new FormAdmin($this->db); - $s .= $langs->trans("DefaultLang").': '; + $s .= ''.$langs->trans("DefaultLang").': '; $s .= $formadmin->select_language($langs->getDefaultLang(1), 'filter_lang', 0, 0, 1, 0, 0, '', 0, 0, 0, null, 1); return $s; diff --git a/htdocs/core/modules/mailings/thirdparties.modules.php b/htdocs/core/modules/mailings/thirdparties.modules.php index 073d45439eb..89bc2cf2b5e 100644 --- a/htdocs/core/modules/mailings/thirdparties.modules.php +++ b/htdocs/core/modules/mailings/thirdparties.modules.php 
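Review bot: In the cibles.php hunk the first argument of `img_picto('$obj->email', 'email', 'class="paddingright"')` is still a single-quoted literal, so the picto's title text is the string `$obj->email` rather than the address. Since the line is being touched anyway, either pass `''` or pass the value itself, after confirming that img_picto escapes its title argument (not visible here). The trailing context line `print empty($obj->source_url) ? '' : $obj->source_url;` is still printed raw. If that column is meant to hold module-built markup, a comment such as `// source_url holds HTML built by the target module, never imported text` would document why it is exempt from the `dol_escape_htmltag()` treatment the neighbouring cells now get. The enclosing loop starts and ends outside the hunk.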
@@ -117,6 +117,10 @@ class mailing_thirdparties extends MailingTargets $addFilter .= " AND s.default_lang LIKE '".$this->db->escape(GETPOST('default_lang', 'alpha'))."%'"; $addDescription = $langs->trans('DefaultLang')."="; } + if (GETPOST('filter_lang_thirdparties', 'alpha')) { + $addFilter .= " AND s.default_lang LIKE '".$this->db->escape(GETPOST('filter_lang_thirdparties', 'alpha'))."%'"; + $addDescription = $langs->trans('DefaultLang')."="; + } $sql = "SELECT s.rowid as id, s.email as email, s.nom as name, null as fk_contact, null as firstname, c.label as label"; $sql .= " FROM ".MAIN_DB_PREFIX."societe as s, ".MAIN_DB_PREFIX."categorie_societe as cs, ".MAIN_DB_PREFIX."categorie as c"; @@ -315,8 +319,8 @@ class mailing_thirdparties extends MailingTargets // Choose language require_once DOL_DOCUMENT_ROOT.'/core/class/html.formadmin.class.php'; $formadmin = new FormAdmin($this->db); - $s .= $langs->trans("DefaultLang").': '; - $s .= $formadmin->select_language($langs->getDefaultLang(1), 'filter_lang', 0, 0, 1, 0, 0, '', 0, 0, 0, null, 1); + $s .= ''.$langs->trans("DefaultLang").': '; + $s .= $formadmin->select_language($langs->getDefaultLang(1), 'filter_lang_thirdparties', 0, null, 1, 0, 0, '', 0, 0, 0, null, 1); return $s; } diff --git a/htdocs/core/modules/mailings/xinputfile.modules.php b/htdocs/core/modules/mailings/xinputfile.modules.php index 77044ddb29e..9a80484f83b 100644 --- a/htdocs/core/modules/mailings/xinputfile.modules.php +++ b/htdocs/core/modules/mailings/xinputfile.modules.php 
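Review bot: The new `filter_lang_thirdparties` branch puts the request value into a `LIKE '...%'` pattern using only `$this->db->escape()`, which handles quoting but leaves `%` and `_` acting as wildcards, and `_` occurs in ordinary locale codes. If this branch of the code base has `escapeforlike()`, use `$this->db->escape($this->db->escapeforlike(GETPOST('filter_lang_thirdparties', 'alpha')))`, and read the parameter once into a local instead of calling GETPOST twice. The branch also copies the `default_lang` block above it, including `$addDescription = ...` being assigned rather than appended, so a description set by an earlier filter is presumably overwritten. The surrounding method is outside the hunk.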
@@ -151,10 +151,12 @@ class mailing_xinputfile extends MailingTargets $cpt++; $buffer = trim(fgets($handle)); $tab = explode(';', $buffer, 4); - $email = $tab[0]; - $name = $tab[1]; - $firstname = $tab[2]; - $other = $tab[3]; + + $email = dol_string_nohtmltag($tab[0]); + $name = dol_string_nohtmltag(empty($tab[1]) ? '' : $tab[1]); + $firstname = dol_string_nohtmltag(empty($tab[2]) ? '' : $tab[2]); + $other = dol_string_nohtmltag(empty($tab[3]) ? '' : $tab[3]); + if (!empty($buffer)) { //print 'xx'.dol_strlen($buffer).empty($buffer)."
\n"; if (isValidEMail($email)) { diff --git a/htdocs/core/modules/mailings/xinputuser.modules.php b/htdocs/core/modules/mailings/xinputuser.modules.php index 117a5722c3c..74ed18ba91f 100644 --- a/htdocs/core/modules/mailings/xinputuser.modules.php +++ b/htdocs/core/modules/mailings/xinputuser.modules.php @@ -127,10 +127,11 @@ class mailing_xinputuser extends MailingTargets require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php'; $tmparray = explode(';', GETPOST('xinputuser')); + $email = $tmparray[0]; - $lastname = $tmparray[1]; - $firstname = $tmparray[2]; - $other = $tmparray[3]; + $lastname = empty($tmparray[1]) ? '' : $tmparray[1]; + $firstname = empty($tmparray[2]) ? '' : $tmparray[2]; + $other = empty($tmparray[3]) ? '' : $tmparray[3]; $cibles = array(); if (!empty($email)) {
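Review bot: The guards `empty($tab[1]) ? '' : $tab[1]` in xinputfile.modules.php (and the same pattern on `$tmparray[1..3]` in the xinputuser.modules.php hunk) also turn a field whose content is the string `0` into an empty string, because `empty('0')` is true. `isset($tab[1]) ? $tab[1] : ''` covers the missing-column case without that side effect. A comment such as `// Strip HTML at import; display code must still escape on output` above the assignments would record that this filtering is defence in depth and not the only barrier. The loop body continues outside the hunk.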
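Review bot: In xinputuser.modules.php the fields split out of `GETPOST('xinputuser')` get the missing-index guards but not the `dol_string_nohtmltag()` call that the xinputfile.modules.php hunk adds to the same four fields. Unless GETPOST's default filter already removes tags in this branch (not visible here), apply it here too, e.g. `$lastname = dol_string_nohtmltag(empty($tmparray[1]) ? '' : $tmparray[1]);`, so both import paths store the same sanitized form. The enclosing method continues outside the hunk.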