diff --git a/htdocs/adherents/card.php b/htdocs/adherents/card.php
index d7a05a1805e..a13367326fa 100644
--- a/htdocs/adherents/card.php
+++ b/htdocs/adherents/card.php
@@ -1454,7 +1454,7 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) {
// Login
if (empty($conf->global->ADHERENT_LOGIN_NOT_REQUIRED)) {
- print '
| '.$langs->trans("Login").' / '.$langs->trans("Id").' | '.$object->login.' |
';
+ print '| '.$langs->trans("Login").' / '.$langs->trans("Id").' | '.dol_escape_htmltag($object->login).' |
';
}
// Type
@@ -1471,10 +1471,10 @@ if (is_object($objcanvas) && $objcanvas->displayCanvasExists($action)) {
print '';
// Company
- print '| '.$langs->trans("Company").' | '.$object->company.' |
';
+ print '| '.$langs->trans("Company").' | '.dol_escape_htmltag($object->company).' |
';
// Civility
- print '| '.$langs->trans("UserTitle").' | '.$object->getCivilityLabel().' | ';
+ print '
| '.$langs->trans("UserTitle").' | '.$object->getCivilityLabel().' | ';
print '
';
// Password
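Review bot: The Civility row on the new side still prints `$object->getCivilityLabel()` unescaped, while the Company row just above it gains `dol_escape_htmltag()`. Whether that label is always a translated string or can fall back to a stored civility value is not visible here. If it can carry member-supplied text, it is the same stored-XSS sink this commit closes for login and company. Wrapping it as `dol_escape_htmltag($object->getCivilityLabel())` would make the three rows consistent. The card-rendering block starts and ends outside the hunk, so the other member fields printed there deserve the same check.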
diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php
index 995327bdee2..0c73df30c75 100644
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@@ -87,9 +87,10 @@ function testSqlAndScriptInject($val, $type)
// When it found '