diff --git a/workflow/engine/classes/class.pmDashlet.php b/workflow/engine/classes/class.pmDashlet.php
index f26ea6560..4c7e12428 100644
--- a/workflow/engine/classes/class.pmDashlet.php
+++ b/workflow/engine/classes/class.pmDashlet.php
@@ -324,7 +324,7 @@ class PMDashlet extends DashletInstance implements DashletInterface
                 }
             }
             foreach ($dashletsInstances as $key => $field) {
-                $dashletsInstances[$key]['DAS_TITLE'] = $field['DAS_TITLE'] . '</span><span style="float:right; font: bold;" id="'. $field['DAS_INS_UID'] .'">';
+                $dashletsInstances[$key]['DAS_TITLE'] = htmlentities($field['DAS_TITLE'], ENT_QUOTES, 'UTF-8') . '</span><span style="float:right; font: bold;" id="'. $field['DAS_INS_UID'] .'">';
             }
             // Check for role assigments
             // ToDo: Next release
diff --git a/workflow/engine/templates/dashboard/dashletsList.js b/workflow/engine/templates/dashboard/dashletsList.js
index dd583174e..1018b53bf 100644
--- a/workflow/engine/templates/dashboard/dashletsList.js
+++ b/workflow/engine/templates/dashboard/dashletsList.js
@@ -185,10 +185,10 @@ Ext.onReady(function(){
     }
   });
 
-  function formatLineWrap(value){
-      str = '<div class="title-dashboard-text">'+value+'</div>';
-      return str;
-  }
+    function formatLineWrap(value) {
+        var str = '<div class="title-dashboard-text">' + Ext.util.Format.htmlEncode(value) + '</div>';
+        return str;
+    }
 
   cmodel = new Ext.grid.ColumnModel({
     defaults: {