diff --git a/includes/html/print-alert-rules.php b/includes/html/print-alert-rules.php
index 2cb27d160e81..89ab9a7b6fab 100644
--- a/includes/html/print-alert-rules.php
+++ b/includes/html/print-alert-rules.php
@@ -283,7 +283,7 @@
$location_query = 'SELECT locations.location, locations.id FROM alert_location_map, locations WHERE alert_location_map.rule_id=? and alert_location_map.location_id = locations.id ORDER BY location';
$location_maps = dbFetchRows($location_query, [$rule['id']]);
foreach ($location_maps as $location_map) {
- $locations .= $except_device_or_group . '' . $location_map['location'] . '
';
+ $locations .= $except_device_or_group . '' . htmlentities($location_map['location']) . '
';
}
}
@@ -292,7 +292,7 @@
$group_query = 'SELECT device_groups.name, device_groups.id FROM alert_group_map, device_groups WHERE alert_group_map.rule_id=? and alert_group_map.group_id = device_groups.id ORDER BY name';
$group_maps = dbFetchRows($group_query, [$rule['id']]);
foreach ($group_maps as $group_map) {
- $groups .= $except_device_or_group . '' . $group_map['name'] . '
';
+ $groups .= $except_device_or_group . '' . htmlentities($group_map['name']) . '
';
}
}
@@ -301,7 +301,7 @@
$device_query = 'SELECT devices.device_id,devices.hostname FROM alert_device_map, devices WHERE alert_device_map.rule_id=? and alert_device_map.device_id = devices.device_id ORDER BY hostname';
$device_maps = dbFetchRows($device_query, [$rule['id']]);
foreach ($device_maps as $device_map) {
- $devices .= $except_device_or_group . '' . $device_map['hostname'] . '
';
+ $devices .= $except_device_or_group . '' . htmlentities($device_map['hostname']) . '
';
}
}