diff --git a/workflow/engine/methods/roles/data_rolesList.php b/workflow/engine/methods/roles/data_rolesList.php
index fdbf824fe..31742662d 100755
--- a/workflow/engine/methods/roles/data_rolesList.php
+++ b/workflow/engine/methods/roles/data_rolesList.php
@@ -24,6 +24,9 @@ require_once (PATH_RBAC . "model/RolesPeer.php");
 G::LoadClass( 'ArrayPeer' );
+G::LoadSystem('inputfilter');
+$filter = new InputFilter();
+$_POST = $filter->xssFilterHard($_POST);
 isset( $_POST['textFilter'] ) ? $filter = $_POST['textFilter'] : $filter = '';
diff --git a/workflow/engine/methods/roles/data_rolesPermissions.php b/workflow/engine/methods/roles/data_rolesPermissions.php
index 40a545f00..3d368d765 100755
--- a/workflow/engine/methods/roles/data_rolesPermissions.php
+++ b/workflow/engine/methods/roles/data_rolesPermissions.php
@@ -22,6 +22,10 @@
 * Coral Gables, FL, 33134, USA, or email info@colosa.com.
 */
+G::LoadSystem('inputfilter');
+$filter = new InputFilter();
+$_GET = $filter->xssFilterHard($_GET);
+$_REQUEST = $filter->xssFilterHard($_REQUEST);
 $ROL_UID = $_GET['rUID'];
 $TYPE_DATA = $_GET["type"];
diff --git a/workflow/engine/methods/services/Rest/CURLMessage.php b/workflow/engine/methods/services/Rest/CURLMessage.php
index 3017ade84..ac27b47a0 100644
--- a/workflow/engine/methods/services/Rest/CURLMessage.php
+++ b/workflow/engine/methods/services/Rest/CURLMessage.php
@@ -122,7 +122,10 @@ abstract class CURLMessage
 */
 public function displayResponse ()
 {
+ G::LoadSystem('inputfilter');
+ $filter = new InputFilter();
 $error = curl_error( $this->ch );
+ $error = $filter->xssFilterHard($error);
 $result = array ('header' => '','body' => '','curl_error' => '','http_code' => '','last_url' => '' );
 if ($error != "") {
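Review bot: The `$filter` introduced by `+$filter = new InputFilter();` is overwritten on the very next context line, `isset( $_POST['textFilter'] ) ? $filter = $_POST['textFilter'] : $filter = '';`, so the InputFilter object is replaced by the text-filter string immediately after its single use. The filtered `$_POST` survives, but the name now means two different things, and any later `$filter->xssFilterHard(...)` further down this file (outside the hunk) would fail on a string. Rename the sanitizer instance so the two roles cannot collide, e.g. `$inputFilter = new InputFilter();` and `$_POST = $inputFilter->xssFilterHard($_POST);`.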
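Review bot: The new lines sanitize `$_GET` and `$_REQUEST` as two independent copies, while `$ROL_UID = $_GET['rUID'];` and `$TYPE_DATA = $_GET["type"];` on the following lines read values that are presumably used to select a role and a data type (their use is outside the hunk). xssFilterHard is a blanket input sanitizer; for values that act as identifiers, validating against the expected shape before use is the more robust check and does not depend on what the filter happens to strip. A constructed example of the intended guard, with the pattern taken from the project's real UID format: `if (!preg_match('/^[0-9A-Za-z]+$/', (string) $ROL_UID)) { /* reject request */ }`, and `$TYPE_DATA` compared against the fixed set of types the script handles. If this script also reads `$_POST` below the hunk, that superglobal is left unfiltered by this change.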
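Review bot: `G::LoadSystem('inputfilter');` and `$filter = new InputFilter();` are placed inside displayResponse(), so the system load and the object construction repeat on every call, whereas the two roles scripts in this commit load the filter once at file scope. Unless G::LoadSystem guards against repeated includes (not visible here), hoist the load to the top of CURLMessage.php and keep only the local `$filter = new InputFilter();` in the method, or hold the instance on the object if the class has a constructor (outside the hunk). displayResponse continues past the end of this hunk.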
@@ -130,12 +133,15 @@ abstract class CURLMessage
 return $result;
 }
 $response = $this->output;
+ $response = $filter->xssFilterHard($response);
 $header_size = curl_getinfo( $this->ch, CURLINFO_HEADER_SIZE );
 $result['header'] = substr( $response, 0, $header_size );
 $result['body'] = substr( $response, $header_size );
 $result['http_code'] = curl_getinfo( $this->ch, CURLINFO_HTTP_CODE );
 $result['last_url'] = curl_getinfo( $this->ch, CURLINFO_EFFECTIVE_URL );
+ $result = $filter->xssFilterHard($result);
+ $this->type = $filter->xssFilterHard($this->type);
 echo $this->type . " Response: " . $response . "
 ";
 foreach ($result as $index => $data) {
 if ($data != "") {
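Review bot: `$response = $filter->xssFilterHard($response);` runs before `$header_size = curl_getinfo( $this->ch, CURLINFO_HEADER_SIZE );` is used by the two `substr` calls, so whenever the filter removes or rewrites anything the byte offset cURL reported no longer lines up with the filtered string and the header/body split stored in `$result` is wrong. Move that line down to just before the `echo`, after `$result = $filter->xssFilterHard($result);`, so the split is done on the raw response while both pieces are still sanitized through `$result`. Separately, `$this->type = $filter->xssFilterHard($this->type);` makes a display method mutate object state; use a local instead, `$type = $filter->xssFilterHard($this->type);` and `echo $type . " Response: " . $response . "` with the rest of the echo unchanged. Whether xssFilterHard applied to the whole `$result` array preserves the integer `http_code` from curl_getinfo is not visible here and is worth confirming.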