diff --git a/CHANGELOG.TXT b/CHANGELOG.TXT
index d848233f..ee9c4755 100644
--- a/CHANGELOG.TXT
+++ b/CHANGELOG.TXT
@@ -21,6 +21,9 @@ SVN changes since 2.3.4 release (postfixadmin-2.3 branch)
 contain malicious SQL. Double-check before using them!
 - fix XSS with $_GET[domain] in templates/menu.php and edit-vacation
 - fix XSS in some create-domain input fields
+ - fix XSS in create-alias and edit-alias error message
+ - fix XSS (by values stored in the database) in fetchmail list view,
+ list-domain and list-virtual
 - create-domain: fix SQL injection (only exploitable by superadmins)
 - add missing $LANG['pAdminDelete_admin_error']
 - don't mark mailbox targets with recipient delimiter as "forward only"
diff --git a/create-alias.php b/create-alias.php
index 24e72ecb..1e45dd18 100644
--- a/create-alias.php
+++ b/create-alias.php
@@ -133,7 +133,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST")
 $error = 1;
 $tGoto = $goto;
 if (!empty($tMessage)) $tMessage .= "
"; - $tMessage .= $PALANG['pEdit_alias_goto_text_error2'] . "$address"; + $tMessage .= $PALANG['pEdit_alias_goto_text_error2'] . htmlentities($address) . ""; } } diff --git a/edit-alias.php b/edit-alias.php index a82bc87d..b1040936 100644 --- a/edit-alias.php +++ b/edit-alias.php @@ -129,7 +129,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") $error = 1; $tGoto = $goto; if (!empty($tMessage)) $tMessage .= "
"; - $tMessage .= $PALANG['pEdit_alias_goto_text_error2'] . "$address"; + $tMessage .= $PALANG['pEdit_alias_goto_text_error2'] . htmlentities($address) . ""; } } diff --git a/templates/admin_list-domain.php b/templates/admin_list-domain.php index 95c6dcbf..eb1bcdc3 100644 --- a/templates/admin_list-domain.php +++ b/templates/admin_list-domain.php @@ -50,7 +50,7 @@ if (sizeof ($domain_properties) > 0) { print " \n"; print "" . $domain_properties[$i]['domain'] . ""; - print "" . $domain_properties[$i]['description'] . ""; + print "" . htmlentities($domain_properties[$i]['description']) . ""; print "" . $domain_properties[$i]['alias_count'] . " / " . $domain_properties[$i]['aliases'] . ""; print "" . $domain_properties[$i]['mailbox_count'] . " / " . $domain_properties[$i]['mailboxes'] . ""; if ($CONF['quota'] == 'YES') diff --git a/templates/fetchmail.php b/templates/fetchmail.php index 03b7bcde..9f19b148 100644 --- a/templates/fetchmail.php +++ b/templates/fetchmail.php @@ -41,7 +41,7 @@ if ($edit || $new) { # edit mode list($editible,$view,$type)=$fm_struct[$key]; if ($view){ $func="_listview_".$type; - print " " . (function_exists($func)?$func($val):$val) . "\n"; + print " " . htmlentities(function_exists($func)?$func($val):$val) . "\n"; } } diff --git a/templates/list-virtual.php b/templates/list-virtual.php index 76c3510a..020a0f39 100644 --- a/templates/list-virtual.php +++ b/templates/list-virtual.php @@ -314,7 +314,7 @@ if (sizeof ($tMailbox) > 0) { } - print " " . $tMailbox[$i]['name'] . "\n"; + print " " . htmlentities($tMailbox[$i]['name']) . "\n"; if ($CONF['quota'] == 'YES') { print " ";