diff --git a/webui/system/misc.php b/webui/system/misc.php
index 5300a493..bfd05fb7 100644
--- a/webui/system/misc.php
+++ b/webui/system/misc.php
@@ -27,6 +27,8 @@ function AUDIT($action = 0, $email = '', $ipaddr = '', $id = 0, $description = '
 
    $db = Registry::get('db');
 
+   $description = htmlspecialchars($description);
+
    $query = $db->query("INSERT INTO " . TABLE_AUDIT . " (ts, email, domain, action, ipaddr, meta_id, description) VALUES(?,?,?,?,?,?,?)", array(time(), $email, $a[1], $action, $ipaddr, $id, $description));
 
    return $db->countAffected();
diff --git a/webui/view/theme/default/templates/search/load.tpl b/webui/view/theme/default/templates/search/load.tpl
index a09062d8..e12dac05 100644
--- a/webui/view/theme/default/templates/search/load.tpl
+++ b/webui/view/theme/default/templates/search/load.tpl
@@ -10,7 +10,7 @@
          if(isset($s['search'])) {
 ?>
          <tr>
-            <td><a href="#" onclick="Piler.load_search_results_for_saved_query('<?php print urlencode($term['term']); ?>');"><?php print $s['search']; ?></a> | <a href="#" class="menulink" onclick="Piler.remove_saved_search_term(<?php print $term['ts']; ?>); return false;"><?php print $text_remove; ?></a></td>
+            <td><a href="#" onclick="Piler.load_search_results_for_saved_query('<?php print urlencode($term['term']); ?>');"><?php print htmlspecialchars($s['search']); ?></a> | <a href="#" class="menulink" onclick="Piler.remove_saved_search_term(<?php print $term['ts']; ?>); return false;"><?php print $text_remove; ?></a></td>
             <td>&nbsp;</td>
          </tr>
 <?php } } ?>
diff --git a/webui/view/theme/mobile/templates/search/load.tpl b/webui/view/theme/mobile/templates/search/load.tpl
index 0502974f..e0ee9b6c 100644
--- a/webui/view/theme/mobile/templates/search/load.tpl
+++ b/webui/view/theme/mobile/templates/search/load.tpl
@@ -18,7 +18,7 @@
          if(isset($s['search']) && $s['search']) {
 ?>
          <div class="resultrow center">
-            <a href="#" onclick="Piler.load_search_results_for_saved_query('<?php print urlencode($term['term']); ?>');"><?php print $s['search']; ?></a> | <a href="#" class="menulink" onclick="Piler.remove_saved_search_term(<?php print $term['ts']; ?>); return false;"><?php print $text_remove; ?></a></br />
+            <a href="#" onclick="Piler.load_search_results_for_saved_query('<?php print urlencode($term['term']); ?>');"><?php print htmlspecialchars($s['search']); ?></a> | <a href="#" class="menulink" onclick="Piler.remove_saved_search_term(<?php print $term['ts']; ?>); return false;"><?php print $text_remove; ?></a></br />
          </div>
 <?php } } ?>