diff --git a/cron/index.cgi b/cron/index.cgi
index 7a6ae9bb2..0361682aa 100755
--- a/cron/index.cgi
+++ b/cron/index.cgi
@@ -108,7 +108,7 @@ foreach $u (@ulist) {
$cmdidx = scalar(@cols);
push(@cols, &ui_link("edit_env.cgi?idx=".$idx,
"$text{'index_env'} ".
- "$job->{'name'} = $job->{'value'}") );
+ "@{[&html_escape($job->{'name'})]} = @{[&html_escape($job->{'value'})]}") );
$donelink = 1;
}
elsif (@exp && $access{'command'}) {
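Review bot: The `@{[ ... ]}` interpolation on the new link-text line is hard to read in a security fix and easy to break in a later edit; plain concatenation does the same thing, `"$text{'index_env'} ".&html_escape($job->{'name'})." = ".&html_escape($job->{'value'})`. Escaping before the call suggests that ui_link does not encode its text argument, so a short comment such as `# ui_link does not escape link text; name/value come from the crontab` would record why the call is there. The `elsif (@exp && $access{'command'})` branch continues outside the hunk, so it is not visible here whether the command column is encoded the same way.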
@@ -156,7 +156,7 @@ foreach $u (@ulist) {
# Show comment
if ($config{'show_comment'} || $userconfig{'show_comment'}) {
- push(@cols, $job->{'comment'});
+ push(@cols, &html_escape($job->{'comment'}));
}
# Show next run time
diff --git a/mailcap/index.cgi b/mailcap/index.cgi
index 98cc71978..044007cfb 100755
--- a/mailcap/index.cgi
+++ b/mailcap/index.cgi
@@ -23,8 +23,8 @@ if (@mailcap) {
foreach $m (@mailcap) {
print &ui_checked_columns_row([
&ui_link("edit.cgi?index=".$m->{'index'}, $m->{'type'}),
- $m->{'program'},
- $m->{'cmt'} || $m->{'args'}->{'description'},
+ &html_escape($m->{'program'}),
+ &html_escape($m->{'cmt'} || $m->{'args'}->{'description'}),
$m->{'enabled'} ? $text{'yes'} :
"$text{'no'}",
], \@tds, "d", $m->{'index'});
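Review bot: The first column still passes `$m->{'type'}` to ui_link unescaped, although it is read from the same mailcap entry as the program and comment fields this hunk now encodes. The cron change in this commit escapes values before handing them to ui_link, which suggests ui_link does not encode its text argument, so the type would still reach the page as raw markup. I would change that line to `&ui_link("edit.cgi?index=".$m->{'index'}, &html_escape($m->{'type'})),` so every file-derived cell in the row is encoded.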
diff --git a/webmin/gnupg-lib.pl b/webmin/gnupg-lib.pl
index 4ca0acf46..e399a3a2d 100755
--- a/webmin/gnupg-lib.pl
+++ b/webmin/gnupg-lib.pl
@@ -34,8 +34,8 @@ while() {
my $k = { 'size' => $1,
'key' => $2,
'date' => $3,
- 'name' => $4 ? [ $4 ] : [ ],
- 'email' => $5 ? [ $5 ] : $4 ? [ "" ] : [ ],
+ 'name' => &filter_javascript($4) ? [ &filter_javascript($4) ] : [ ],
+ 'email' => &filter_javascript($5) ? [ &filter_javascript($5) ] : &filter_javascript($4) ? [ "" ] : [ ],
'index' => scalar(@rv) };
if ($k->{'name'}->[0] &&
$k->{'name'}->[0] =~ /\[(expires|expired):\s+(\S+)\]/) {
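Review bot: The `'name'` and `'email'` entries are sanitised here at parse time with filter_javascript, whereas the cron and mailcap changes in this commit use html_escape at the point of output. filter_javascript is not shown here, but if it only removes script constructs, other markup in a key's user ID would still be rendered. The stored name and email are also altered for any caller that compares them or passes them back to gpg. I would keep the parsed values raw and apply `&html_escape(...)` where they are printed; the same applies to the two push lines in the next hunk. If the filter stays, call it once per capture, e.g. `my ($nm, $em) = (&filter_javascript($4), &filter_javascript($5));`, rather than up to four times inside the hash constructor. The enclosing loop starts and ends outside the hunk.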
@@ -54,8 +54,8 @@ while() {
elsif (/^uid\s+\[[^\]]+\]\s+(.*)\s+<(\S+)>/ ||
/^uid\s+(.*)\s+<(\S+)>/ ||
/^uid\s+(.*)/) {
- push(@{$k->{'name'}}, $1);
- push(@{$k->{'email'}}, $2);
+ push(@{$k->{'name'}}, &filter_javascript($1));
+ push(@{$k->{'email'}}, &filter_javascript($2));
}
elsif (/^\s+([A-F0-9]{0,40})/) {
$k->{'key'} = $1;
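Review bot: When only the third pattern `/^uid\s+(.*)/` matches, `$2` is undefined, so the new `&filter_javascript($2)` is called with undef, where the old code simply pushed undef onto the email list. filter_javascript is not visible here. If it returns an empty list for that input, nothing is pushed and the name and email arrays lose their index alignment, and under warnings it may also report an uninitialized value. Guarding the call keeps the old shape: `push(@{$k->{'email'}}, defined($2) ? scalar(&filter_javascript($2)) : undef);`.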