diff --git a/includes/html/forms/add-dashboard.inc.php b/includes/html/forms/add-dashboard.inc.php
index 0e9d357fd17b..d33f07c0f4b6 100644
--- a/includes/html/forms/add-dashboard.inc.php
+++ b/includes/html/forms/add-dashboard.inc.php
@@ -34,7 +34,7 @@
 $status = 'error';
 $message = 'unknown error';
 
-$dashboard_name = trim($_REQUEST['dashboard_name']);
+$dashboard_name = trim(strip_tags($_REQUEST['dashboard_name']));
 
 if (! empty($dashboard_name) && ($dash_id = dbInsert(['dashboard_name' => $dashboard_name, 'user_id' => Auth::id()], 'dashboards'))) {
     $status = 'ok';
diff --git a/includes/html/forms/customoid.inc.php b/includes/html/forms/customoid.inc.php
index aa10034c360b..454925f128b5 100644
--- a/includes/html/forms/customoid.inc.php
+++ b/includes/html/forms/customoid.inc.php
@@ -17,9 +17,9 @@
 $device_id = $_POST['device_id'];
 $id = $_POST['ccustomoid_id'];
 $action = $_POST['action'];
-$name = $_POST['name'];
-$oid = $_POST['oid'];
-$datatype = $_POST['datatype'];
+$name = strip_tags($_POST['name']);
+$oid = strip_tags($_POST['oid']);
+$datatype = strip_tags($_POST['datatype']);
 if (empty(($_POST['unit']))) {
     $unit = ['NULL'];
 } else {
diff --git a/includes/html/forms/transport-groups.inc.php b/includes/html/forms/transport-groups.inc.php
index 62dae3cd68d2..535c137304b4 100644
--- a/includes/html/forms/transport-groups.inc.php
+++ b/includes/html/forms/transport-groups.inc.php
@@ -35,7 +35,7 @@
 $message = '';
 
 $group_id = $vars['group_id'];
-$name = $vars['name'];
+$name = strip_tags($vars['name']);
 
 $target_members = [];
 foreach ((array) $vars['members'] as $target) {