diff --git a/workflow/engine/methods/tools/ajaxListener.php b/workflow/engine/methods/tools/ajaxListener.php
index 32e997f76..687b6e62c 100755
--- a/workflow/engine/methods/tools/ajaxListener.php
+++ b/workflow/engine/methods/tools/ajaxListener.php
@@ -71,7 +71,7 @@ class Ajax
             }
         } catch (Exception $e) {
             $result->success = false;
-            $result->msg = $e->getMessage();
+            $result->msg = htmlspecialchars($e->getMessage());
         }
         print G::json_encode($result);
     }
@@ -93,7 +93,7 @@ class Ajax
             $result->msg = 'Deleted Successfully!';
         } catch (Exception $e) {
             $result->success = false;
-            $result->msg = $e->getMessage();
+            $result->msg = htmlspecialchars($e->getMessage());
         }
         print G::json_encode($result);
     }
@@ -106,7 +106,7 @@ class Ajax
             $result['success'] = true;
         } catch (Exception $e) {
             $result->success = false;
-            $result->msg = $e->getMessage();
+            $result->msg = htmlspecialchars($e->getMessage());
         }
         print G::json_encode($result);
     }
diff --git a/workflow/engine/skinEngine/base/error404.php b/workflow/engine/skinEngine/base/error404.php
index 14fd643ea..1a2ee12f6 100644
--- a/workflow/engine/skinEngine/base/error404.php
+++ b/workflow/engine/skinEngine/base/error404.php
@@ -13,17 +13,29 @@ if (isset($_GET["url"]) && $_GET["url"] != "") {
     $sysSys = "";
     $sysLang = "";
     $sysSkin = "";
-
+
     if (isset($url[1]) && preg_match("/^sys(.+)$/", $url[1], $match)) {
         $sysSys = $match[1];
-    }
+        // Check if sys path exists
+        $checkDir = PATH_DATA."sites/".$sysSys;
+        if(!is_dir($checkDir)) {
+            $sysSys = '';
+        }
+    }
+
     if (isset($url[2])) {
         $sysLang = $url[2];
     }
     if (isset($url[3])) {
         $sysSkin = $url[3];
+
+        // Check if sys path exists
+        $checkDir = PATH_SKIN_ENGINE.$sysSkin;
+        if(!is_dir($checkDir)) {
+            $sysSkin = '';
+        }
     }
     if ($sysSys != "" && $sysLang != "" && $sysSkin != "") {
diff --git a/workflow/engine/skinEngine/neoclassic/error404.php b/workflow/engine/skinEngine/neoclassic/error404.php
index 83e1555ef..a9ba60628 100644
--- a/workflow/engine/skinEngine/neoclassic/error404.php
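Review bot: `htmlspecialchars()` on the new line in the first hunk escapes for an HTML context, but the value is emitted through `G::json_encode($result)` on the line below, so the escaping happens one layer too early: a client that renders `msg` via textContent (or any non-HTML consumer) now shows literal `&lt;`/`&amp;`, while a client that uses innerHTML is only protected for the characters this call escapes — with the default flags on PHP before 8.1 single quotes pass through, so a message landing in a single-quoted attribute is not covered. If the server-side escaping is kept, pin the flags explicitly, `$result->msg = htmlspecialchars($e->getMessage(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`, and escape again at the point of insertion on the client. Separately, returning the raw exception text to the browser can leak internals (file paths, SQL fragments); consider logging `$e->getMessage()` server-side and returning a generic or dedicated user-facing message instead. The enclosing method starts before the hunk.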
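Review bot: The context line `$result['success'] = true;` in the third hunk treats `$result` as an array, while the catch branch the commit touches assigns `$result->success` and `$result->msg` as object properties; unless `$result` is an object that also implements ArrayAccess, one of the two paths fails — on PHP 8 assigning a property on an array throws an Error inside the catch block, and indexing a stdClass as an array throws in the try block. The `$result` declaration is above the hunk and not visible here, so this needs confirming against the method header; if `$result` is a plain array like the success path suggests, the catch lines should read `$result['success'] = false;` and `$result['msg'] = htmlspecialchars($e->getMessage());`, otherwise the try line should become `$result->success = true;` to match the other two methods in this file. The enclosing method starts before the hunk.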
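Review bot: The new `is_dir()` checks on `$sysSys` and `$sysSkin` in the error404.php hunk are existence checks, not validation: `$url[1]` and `$url[3]` appear to be derived from `$_GET["url"]`, the `sys(.+)` pattern accepts any characters, and `is_dir(PATH_DATA."sites/..")` or `is_dir(PATH_SKIN_ENGINE.".")` returns true, so `..`, `.` and any other existing directory name still pass and end up in `$sysSys`/`$sysSkin` for whatever the code after the hunk does with them. An allow-list on the name is the stronger guard, e.g. `if (!preg_match('/^[A-Za-z0-9_-]+$/', $sysSys) || !is_dir(PATH_DATA . 'sites/' . $sysSys)) {` (and the same shape for `$sysSkin`). `$sysLang = $url[2]` between the two new checks gets no validation at all even though it feeds the same `$sysSys != "" && $sysLang != "" && $sysSkin != ""` gate, so it deserves the same pattern check. The second added comment, `// Check if sys path exists`, was copied from the first and should say `// Check if skin path exists`. The enclosing block runs past the hunk, so how these values are consumed cannot be seen here.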
+++ b/workflow/engine/skinEngine/neoclassic/error404.php
@@ -30,10 +30,6 @@ if (isset($_GET["url"]) && $_GET["url"] != "") {
     if (isset($url[2])) {
         $sysLang = $url[2];
-
-        if($sysLang != 'en') {
-            var_dump($sysLang);
-        }
     }
     if (isset($url[3])) {
@@ -44,7 +40,6 @@ if (isset($_GET["url"]) && $_GET["url"] != "") {
         if(!is_dir($checkDir)) {
             $sysSkin = '';
         }
-
     }
     if ($sysSys != "" && $sysLang != "" && $sysSkin != "") {