diff --git a/src/DbUtils.php b/src/DbUtils.php
index 49bb83f81cb..fe9edc604ee 100644
--- a/src/DbUtils.php
+++ b/src/DbUtils.php
@@ -1501,7 +1501,7 @@ public function getTreeValueCompleteName($table, $ID, $withcomment = false, $tra
                         $acomment .= $country;
                     }
                     if (trim($acomment != '')) {
-                        $comment .= "<span class='b'>&nbsp;" . __s('Address:') . "</span> " . $acomment . "<br/>";
+                        $comment .= "<span class='b'>&nbsp;" . __s('Address:') . "</span> " . htmlspecialchars($acomment) . "<br/>";
                     }
                 }
                 $comment .= "<span class='b'>&nbsp;" . __s('Comments') . "&nbsp;</span>";