diff --git a/src/Module/Admin/Site.php b/src/Module/Admin/Site.php
index 72ea6fa5a48..584237db917 100644
--- a/src/Module/Admin/Site.php
+++ b/src/Module/Admin/Site.php
@@ -41,13 +41,13 @@ class Site extends BaseAdmin
 return;
 }
- $sitename = (!empty($_POST['sitename']) ? trim($_POST['sitename']) : '');
+ $sitename = (!empty($_POST['sitename']) ? strip_tags(trim($_POST['sitename'])) : '');
 $sender_email = (!empty($_POST['sender_email']) ? trim($_POST['sender_email']) : '');
 $banner = (!empty($_POST['banner']) ? trim($_POST['banner']) : false);
 $email_banner = (!empty($_POST['email_banner']) ? trim($_POST['email_banner']) : false);
 $shortcut_icon = (!empty($_POST['shortcut_icon']) ? trim($_POST['shortcut_icon']) : '');
 $touch_icon = (!empty($_POST['touch_icon']) ? trim($_POST['touch_icon']) : '');
- $additional_info = (!empty($_POST['additional_info']) ? trim($_POST['additional_info']) : '');
+ $additional_info = (!empty($_POST['additional_info']) ? strip_tags(trim($_POST['additional_info'])) : '');
 $language = (!empty($_POST['language']) ? trim($_POST['language']) : '');
 $theme = (!empty($_POST['theme']) ? trim($_POST['theme']) : '');
 $theme_mobile = (!empty($_POST['theme_mobile']) ? trim($_POST['theme_mobile']) : '');
@@ -57,7 +57,7 @@ class Site extends BaseAdmin
 $jpegimagequality = (!empty($_POST['jpegimagequality']) ? intval(trim($_POST['jpegimagequality'])) : 100);
 $register_policy = (!empty($_POST['register_policy']) ? intval(trim($_POST['register_policy'])) : 0);
- $max_registered_users = (!empty($_POST['max_registered_users']) ? intval(trim($_POST['max_registered_users'])) : 0);
+ $max_registered_users = (!empty($_POST['max_registered_users']) ? intval(trim($_POST['max_registered_users'])) : 0);
 $daily_registrations = (!empty($_POST['max_daily_registrations']) ? intval(trim($_POST['max_daily_registrations'])) : 0);
 $abandon_days = (!empty($_POST['abandon_days']) ? intval(trim($_POST['abandon_days'])) : 0);
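Review bot: `strip_tags()` on `$sitename` and `$additional_info` is input hygiene, not output escaping: it leaves `"` and `'` untouched, so wherever these values land in an HTML attribute or a script block the template still has to apply `htmlspecialchars()` for that context. It also treats an unclosed `<` as the start of a tag and drops the remainder of the string (a site name such as `A <3 B` comes back as `A `), which silently alters admin input instead of rejecting it; if that trade-off is intended, record it with a comment like `// strip_tags() only removes markup; templates must still escape on output`. The same caveat applies to the `$album`/`$newalbum` lines in src/Module/Profile/Photos.php and to `cleanInputText()` in src/Module/Settings/Profile/Index.php. The enclosing method starts before this hunk.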
diff --git a/src/Module/Profile/Photos.php b/src/Module/Profile/Photos.php
index 6d9bca26e34..5fe798730cb 100644
--- a/src/Module/Profile/Photos.php
+++ b/src/Module/Profile/Photos.php
@@ -128,8 +128,8 @@ class Photos extends \Friendica\Module\BaseProfile
 $request = $hook_data['request'] ?? $request;
 // Determine the album to use
- $album = trim($request['album'] ?? '');
- $newalbum = trim($request['newalbum'] ?? '');
+ $album = strip_tags(trim($request['album'] ?? ''));
+ $newalbum = strip_tags(trim($request['newalbum'] ?? ''));
 $this->logger->debug('album= ' . $album . ' newalbum= ' . $newalbum);
diff --git a/src/Module/Settings/Profile/Index.php b/src/Module/Settings/Profile/Index.php
index 6f7a3a6204e..9a342aa3b36 100644
--- a/src/Module/Settings/Profile/Index.php
+++ b/src/Module/Settings/Profile/Index.php
@@ -99,7 +99,7 @@ class Index extends BaseSettings
 new ArrayFilterEvent(ArrayFilterEvent::PROFILE_SETTINGS_POST, $request),
 )->getArray();
- $dob = trim($request['dob'] ?? '');
+ $dob = $this->cleanInput($request['dob'] ?? '');
 if ($dob && !in_array($dob, ['0000-00-00', DBA::NULL_DATE])) {
 $y = substr($dob, 0, 4);
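Review bot: The new `$dob` line drops the `trim()` that the removed line had, and `cleanInput()` only deletes the space character, so leading or trailing tabs, newlines or NUL bytes now survive into `substr($dob, 0, 4)` and the date checks that follow it. The `$xmpp` line in the later hunk keeps the order `$this->cleanInput(trim(...))`; use the same shape here: `$dob = $this->cleanInput(trim($request['dob'] ?? ''));`. The enclosing method continues outside the hunk.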
@@ -121,18 +121,18 @@ class Index extends BaseSettings
 }
 }
- $username = trim($request['username'] ?? '');
+ $username = $this->cleanInputText($request['username'] ?? '');
 if (!$username) {
 $this->systemMessages->addNotice($this->t('Display Name is required.'));
 return;
 }
- $about = trim($request['about']);
- $address = trim($request['address']);
- $locality = trim($request['locality']);
- $region = trim($request['region']);
- $postal_code = trim($request['postal_code']);
- $country_name = trim($request['country_name']);
+ $about = $this->cleanInputText($request['about']);
+ $address = $this->cleanInputText($request['address']);
+ $locality = $this->cleanInputText($request['locality']);
+ $region = $this->cleanInputText($request['region']);
+ $postal_code = $this->cleanInputText($request['postal_code']);
+ $country_name = $this->cleanInputText($request['country_name']);
 $pub_keywords = self::cleanKeywords(trim($request['pub_keywords']));
 $prv_keywords = self::cleanKeywords(trim($request['prv_keywords']));
 $xmpp = $this->cleanInput(trim($request['xmpp']));
@@ -377,9 +377,14 @@ class Index extends BaseSettings
 return $profileFields;
 }
+ private function cleanInputText(string $input): string
+ {
+ return trim(strip_tags($input));
+ }
+
 private function cleanInput(string $input): string
 {
- return str_replace(['<', '>', '"', ' '], '', $input);
+ return str_replace(['<', '>', '"', "'", ' '], '', $input);
 }
 private static function cleanKeywords($keywords): string
@@ -389,7 +394,7 @@ class Index extends BaseSettings
 $cleaned = [];
 foreach ($keywords as $keyword) {
- $keyword = trim($keyword);
+ $keyword = trim(str_replace(['<', '>', '"', "'"], '', $keyword));
 $keyword = trim($keyword, '#');
 if ($keyword != '') {
 $cleaned[] = $keyword;
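Review bot: The six `cleanInputText()` calls from `$about` to `$country_name` pass `$request['about']` and friends without the `?? ''` fallback that the `$username` line uses, and `cleanInputText(string $input)` is a userland method, so a missing key now raises a TypeError (null is never coerced to `string` for a user-defined parameter, with or without strict_types) where `trim(null)` only produced a deprecation notice. Since `$request` is whatever the `ArrayFilterEvent` hook returns, a hook or form that omits one of these fields would take the whole settings save down; add the fallback on each line, e.g. `$about = $this->cleanInputText($request['about'] ?? '');`. The enclosing method starts and ends outside this hunk.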
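Review bot: `cleanInputText()` and `cleanInput()` have near-identical names but different contracts — the first removes markup and trims, the second deletes `<`, `>`, both quote characters and every space and does not trim other whitespace — and neither carries a docblock, so a reader of the call sites above cannot tell which one a new field should use. Add a one-line docblock to each, e.g. on `cleanInputText()` `/** Removes HTML tags from free-text input and trims surrounding whitespace. */` and on `cleanInput()` `/** Removes angle brackets, quotes and spaces from single-token input (dates, handles); does not trim other whitespace. */`. The character list in `cleanInput()` is repeated in `cleanKeywords()` in the last hunk; a private class constant would keep the two from drifting apart.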