diff --git a/phpmyfaq/contact.php b/phpmyfaq/contact.php
index e66f8dd0da..27a9a9c4c4 100644
--- a/phpmyfaq/contact.php
+++ b/phpmyfaq/contact.php
@@ -49,7 +49,7 @@
         'msgContactOwnText' => nl2br(Strings::htmlspecialchars($faqConfig->get('main.contactInformations'))),
         'msgContactEMail' => $PMF_LANG['msgContactEMail'],
         'msgContactPrivacyNote' => $PMF_LANG['msgContactPrivacyNote'],
-        'privacyURL' => $faqConfig->get('main.privacyURL'),
+        'privacyURL' => Strings::htmlentities($faqConfig->get('main.privacyURL')),
         'msgPrivacyNote' => $PMF_LANG['msgPrivacyNote'],
         'msgNewContentName' => $PMF_LANG['msgNewContentName'],
         'msgNewContentMail' => $PMF_LANG['msgNewContentMail'],
diff --git a/phpmyfaq/index.php b/phpmyfaq/index.php
index a0f2cd1ccc..2f06ce265c 100755
--- a/phpmyfaq/index.php
+++ b/phpmyfaq/index.php
@@ -619,7 +619,7 @@
         'msgGlossary' => '<a href="./glossary.html">' . $PMF_LANG['ad_menu_glossary'] . '</a>',
         'privacyLink' => sprintf(
             '<a target="_blank" href="%s">%s</a>',
-            $faqConfig->get('main.privacyURL'),
+            Strings::htmlentities($faqConfig->get('main.privacyURL')),
             $PMF_LANG['msgPrivacyNote']
         ),
         'backToHome' => '<a href="./index.html">' . $PMF_LANG['msgHome'] . '</a>',
@@ -642,7 +642,7 @@
         'msgGlossary' => '<a href="index.php?' . $sids . 'action=glossary">' . $PMF_LANG['ad_menu_glossary'] . '</a>',
         'privacyLink' => sprintf(
             '<a target="_blank" href="%s">%s</a>',
-            $faqConfig->get('main.privacyURL'),
+            Strings::htmlentities($faqConfig->get('main.privacyURL')),
             $PMF_LANG['msgPrivacyNote']
         ),
         'allCategories' => '<a class="nav-link" href="index.php?' . $sids . 'action=show">' .
diff --git a/phpmyfaq/request-removal.php b/phpmyfaq/request-removal.php
index 554273ae41..d4dfc15adc 100644
--- a/phpmyfaq/request-removal.php
+++ b/phpmyfaq/request-removal.php
@@ -18,6 +18,7 @@
 use phpMyFAQ\Captcha;
 use phpMyFAQ\Core\Exception;
 use phpMyFAQ\Helper\CaptchaHelper;
+use phpMyFAQ\Strings;
 use phpMyFAQ\User\CurrentUser;
 
 if (!defined('IS_VALID_PHPMYFAQ')) {
@@ -50,7 +51,7 @@
         'msgContactRemove' => $PMF_LANG['msgContactRemove'],
         'msgContactPrivacyNote' => $PMF_LANG['msgContactPrivacyNote'],
         'msgPrivacyNote' => $PMF_LANG['msgPrivacyNote'],
-        'privacyURL' => $faqConfig->get('main.privacyURL'),
+        'privacyURL' => Strings::htmlentities($faqConfig->get('main.privacyURL')),
         'msgNewContentName' => $PMF_LANG['msgNewContentName'],
         'msgNewContentMail' => $PMF_LANG['msgNewContentMail'],
         'ad_user_loginname' => $PMF_LANG['ad_user_loginname'],