diff --git a/bundles/AdminBundle/Controller/Admin/SettingsController.php b/bundles/AdminBundle/Controller/Admin/SettingsController.php
index b706d5eb1bd..99b96aeac2c 100644
--- a/bundles/AdminBundle/Controller/Admin/SettingsController.php
+++ b/bundles/AdminBundle/Controller/Admin/SettingsController.php
@@ -1331,6 +1331,11 @@ public function thumbnailUpdateAction(Request $request)
 });
 
 foreach ($mediaData as $mediaName => $items) {
+
+ if(preg_match('/["<>]/', $mediaName)) {
+ throw new \Exception('Invalid media query name');
+ }
+
 foreach ($items as $item) {
 $type = $item['type'];
 unset($item['type']);
diff --git a/bundles/AdminBundle/Resources/public/js/pimcore/settings/thumbnail/item.js b/bundles/AdminBundle/Resources/public/js/pimcore/settings/thumbnail/item.js
index 937ea503078..a9f45c56ebd 100644
--- a/bundles/AdminBundle/Resources/public/js/pimcore/settings/thumbnail/item.js
+++ b/bundles/AdminBundle/Resources/public/js/pimcore/settings/thumbnail/item.js
@@ -216,6 +216,10 @@ pimcore.settings.thumbnail.item = Class.create({
 name = '(max-width: ' + name.replace("w", "") + 'px)';
 }
 
+ if(name.match(/["<>]/)) {
+ return;
+ }
+
 if (this.medias[name]) {
 return;
 }
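Review bot: The new guard inside `foreach ($mediaData as $mediaName => $items)` is a denylist of three characters, so a name containing `'` or `&` still passes and the protection then depends on how `$mediaName` is quoted and escaped wherever it is rendered, which this hunk does not show; an allowlist of what a media query legitimately contains is the safer shape, e.g. `if (!preg_match('/^[\w\s(),:.\-]+$/', (string) $mediaName)) {` (constructed example — confirm it accepts every name already stored before tightening). The `(string)` cast also covers the case where an integer-like array key arrives as an int, which would be a TypeError under strict_types if the file declares it. The thrown `\Exception` is generic; `\InvalidArgumentException` (or the project's own validation exception) lets the caller map it to a client error instead of a 500. `if(` also lacks the space PSR-12 expects, unlike the surrounding `foreach (`. thumbnailUpdateAction starts before and ends after this hunk.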
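Review bot: The added `if(name.match(/["<>]/)) { return; }` drops the media entry silently, so an editor who types such a name sees nothing happen and cannot tell why; since the server-side check is the authoritative one, this client check should surface the rejection to the user rather than just returning. `/["<>]/.test(name)` is the idiomatic boolean form when the match result is unused, and `if (` with a space would match the `if (this.medias[name])` check directly below. The enclosing method starts before and ends after this hunk.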