diff --git a/includes/html/forms/add-dashboard.inc.php b/includes/html/forms/add-dashboard.inc.php
index 0e9d357fd17b..d33f07c0f4b6 100644
--- a/includes/html/forms/add-dashboard.inc.php
+++ b/includes/html/forms/add-dashboard.inc.php
@@ -34,7 +34,7 @@
$status = 'error';
$message = 'unknown error';
-$dashboard_name = trim($_REQUEST['dashboard_name']);
+$dashboard_name = trim(strip_tags($_REQUEST['dashboard_name']));
if (! empty($dashboard_name) && ($dash_id = dbInsert(['dashboard_name' => $dashboard_name, 'user_id' => Auth::id()], 'dashboards'))) {
$status = 'ok';
diff --git a/includes/html/forms/customoid.inc.php b/includes/html/forms/customoid.inc.php
index aa10034c360b..454925f128b5 100644
--- a/includes/html/forms/customoid.inc.php
+++ b/includes/html/forms/customoid.inc.php
@@ -17,9 +17,9 @@
$device_id = $_POST['device_id'];
$id = $_POST['ccustomoid_id'];
$action = $_POST['action'];
-$name = $_POST['name'];
-$oid = $_POST['oid'];
-$datatype = $_POST['datatype'];
+$name = strip_tags($_POST['name']);
+$oid = strip_tags($_POST['oid']);
+$datatype = strip_tags($_POST['datatype']);
if (empty(($_POST['unit']))) {
$unit = ['NULL'];
} else {
diff --git a/includes/html/forms/transport-groups.inc.php b/includes/html/forms/transport-groups.inc.php
index 62dae3cd68d2..535c137304b4 100644
--- a/includes/html/forms/transport-groups.inc.php
+++ b/includes/html/forms/transport-groups.inc.php
@@ -35,7 +35,7 @@
$message = '';
$group_id = $vars['group_id'];
-$name = $vars['name'];
+$name = strip_tags($vars['name']);
$target_members = [];
foreach ((array) $vars['members'] as $target) {