diff --git a/includes/html/forms/alert-templates.inc.php b/includes/html/forms/alert-templates.inc.php
index 57d481972f..4b967e2f77 100644
--- a/includes/html/forms/alert-templates.inc.php
+++ b/includes/html/forms/alert-templates.inc.php
@@ -91,6 +91,6 @@ try {
$message .= $e->getMessage();
}
-$response = ['status' => $status, 'message' => $message, 'newid' => $template_newid];
+$response = ['status' => htmlentities($status), 'message' => htmlentities($message), 'newid' => $template_newid];
echo json_encode($response, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES | JSON_UNESCAPED_UNICODE);
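Review bot: `htmlentities()` on the new `$response` line is called without flags or charset, so its output depends on the PHP version: before 8.1 the default is `ENT_COMPAT`, which leaves single quotes unencoded. Because `$message` includes the text of `$e->getMessage()`, I would pass the arguments explicitly, e.g. `htmlspecialchars($message, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, and do the same for `$status`. Escaping at this point also ties the JSON payload to an HTML sink on the client, which is not visible in this hunk. A short comment such as `// HTML-encoded here because the client renders status/message as markup` would record that contract, if that is indeed how the client uses them. The `try` block starts outside the hunk.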
diff --git a/includes/html/modal/alert_template.inc.php b/includes/html/modal/alert_template.inc.php
index 1740c1bed0..e8ad59dd03 100644
--- a/includes/html/modal/alert_template.inc.php
+++ b/includes/html/modal/alert_template.inc.php
@@ -201,7 +201,9 @@ function alertTemplateAjaxOps(template, name, template_id, title, title_rec, rul
}
});
} else {
- var newrow = [{id: output.newid, templatename: name, alert_rules: JSON.stringify(row_rules)}];
+
+ var escaped_name = new Option(name).innerHTML;
+ var newrow = [{id: output.newid, templatename: escaped_name, alert_rules: JSON.stringify(row_rules)}];
$('#templatetable').bootgrid("append", newrow);
}
} else {
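Review bot: `new Option(name).innerHTML` on the added line encodes `&`, `<` and `>` but leaves `"` and `'` unchanged, so the value is safe only where bootgrid writes `templatename` into element content. If any column formatter for `#templatetable` places it inside an attribute (not visible here), the quotes need encoding as well, e.g. `var escaped_name = $('<div>').text(name).html().replace(/"/g, '&quot;').replace(/'/g, '&#39;');`. The other branch of this `if`, which ends above the hunk, may display the same `name` and should be checked for the same handling. A one-line comment like `// bootgrid renders cell values as HTML, so encode the user-supplied name` would explain the idiom. `alertTemplateAjaxOps` starts before the hunk and continues after it.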