diff --git a/Theme/Backend/kanban-board.tpl.php b/Theme/Backend/kanban-board.tpl.php
index 3bdad9a..7e6d986 100644
--- a/Theme/Backend/kanban-board.tpl.php
+++ b/Theme/Backend/kanban-board.tpl.php
@@ -5,16 +5,16 @@ $columns = $board->getColumns();
 ?>
 <div class="row">
     <?php $i = 0; foreach($columns as $column) : $i++; $cards = $column->getCards(); ?>
-    <div id="kanban-column-<?= $i; ?>" class="col-xs-12 col-sm-3" draggable="true">
-        <header><?= $column->getName(); ?></header>
+    <div id="kanban-column-<?= htmlspecialchars($i, ENT_COMPAT, 'utf-8'); ?>" class="col-xs-12 col-sm-3" draggable="true">
+        <header><?= htmlspecialchars($column->getName(), ENT_COMPAT, 'utf-8'); ?></header>
         <?php $j = 0; foreach($cards as $card) : $j++; $labels = $card->getLabels(); ?>
-            <a href="<?= \phpOMS\Uri\UriFactory::build('{/base}/{/lang}/backend/kanban/card?{?}&id=' . $card->getId()) ?>">
-            <section id="kanban-card-<?= $i . '-' . $j; ?>" class="box wf-100" draggable="true">
-                <header><h1><?= $card->getName(); ?></h1></header>
+            <a href="<?= htmlspecialchars(\phpOMS\Uri\UriFactory::build('{/base}/{/lang}/backend/kanban/card?{?}&id=' . $card->getId()) , ENT_COMPAT, 'utf-8'); ?>">
+            <section id="kanban-card-<?= htmlspecialchars($i . '-' . $j, ENT_COMPAT, 'utf-8'); ?>" class="box wf-100" draggable="true">
+                <header><h1><?= htmlspecialchars($card->getName(), ENT_COMPAT, 'utf-8'); ?></h1></header>
                 <div class="inner">
-                    <?= $card->getDescription(); ?>
+                    <?= htmlspecialchars($card->getDescription(), ENT_COMPAT, 'utf-8'); ?>
                     <?php foreach($labels as $label) : ?>
-                    <span class="tag" style="background: #<?= dechex($label->getColor()); ?>"><?= $label->getName(); ?></span>
+                    <span class="tag" style="background: #<?= htmlspecialchars(dechex($label->getColor()), ENT_COMPAT, 'utf-8'); ?>"><?= htmlspecialchars($label->getName(), ENT_COMPAT, 'utf-8'); ?></span>
                     <?php endforeach; ?>
                 </div>
             </section>
diff --git a/Theme/Backend/kanban-card.tpl.php b/Theme/Backend/kanban-card.tpl.php
index 6cd2517..4e0a918 100644
--- a/Theme/Backend/kanban-card.tpl.php
+++ b/Theme/Backend/kanban-card.tpl.php
@@ -6,9 +6,9 @@ $comments = $card->getComments();
 <div class="row">
     <div class="col-xs-12">
         <section class="box wf-100">
-            <header><h1><?= $card->getName(); ?></h1></header>
+            <header><h1><?= htmlspecialchars($card->getName(), ENT_COMPAT, 'utf-8'); ?></h1></header>
             <div class="inner">
-                <?= $card->getDescription(); ?>
+                <?= htmlspecialchars($card->getDescription(), ENT_COMPAT, 'utf-8'); ?>
             </div>
         </section>
     </div>
@@ -19,7 +19,7 @@ $comments = $card->getComments();
     <div class="col-xs-12">
         <section class="box wf-100">
             <div class="inner">
-                <?= $comment->getDescription(); ?>
+                <?= htmlspecialchars($comment->getDescription(), ENT_COMPAT, 'utf-8'); ?>
             </div>
         </section>
     </div>
diff --git a/Theme/Backend/kanban-dashboard.tpl.php b/Theme/Backend/kanban-dashboard.tpl.php
index 2b9accf..fcd4d97 100644
--- a/Theme/Backend/kanban-dashboard.tpl.php
+++ b/Theme/Backend/kanban-dashboard.tpl.php
@@ -6,11 +6,11 @@ echo $this->getData('nav')->render(); ?>
 <div class="row">
     <?php foreach($boards as $board) : ?>  
     <div class="col-xs-12 col-sm-6 col-lg-3">
-        <a href="<?= \phpOMS\Uri\UriFactory::build('{/base}/{/lang}/backend/kanban/board?{?}&id=' . $board->getId()) ?>">
+        <a href="<?= htmlspecialchars(\phpOMS\Uri\UriFactory::build('{/base}/{/lang}/backend/kanban/board?{?}&id=' . $board->getId()) , ENT_COMPAT, 'utf-8'); ?>">
         <section class="box wf-100">
-            <header><h1><?= $board->getName(); ?></h1></header>
+            <header><h1><?= htmlspecialchars($board->getName(), ENT_COMPAT, 'utf-8'); ?></h1></header>
             <div class="inner">
-                <?= $board->getDescription(); ?>
+                <?= htmlspecialchars($board->getDescription(), ENT_COMPAT, 'utf-8'); ?>
             </div>
         </section>
         </a>