diff --git a/main/admin/user_list.php b/main/admin/user_list.php
index cae705815d..f76e281c2c 100755
--- a/main/admin/user_list.php
+++ b/main/admin/user_list.php
@@ -246,7 +246,7 @@ function prepare_user_sql_query($getCount)
     foreach ($keywordList as $keyword) {
         $keywordListValues[$keyword] = null;
         if (isset($_GET[$keyword]) && !empty($_GET[$keyword])) {
-            $keywordListValues[$keyword] = $_GET[$keyword];
+            $keywordListValues[$keyword] = Security::remove_XSS($_GET[$keyword]);
             $atLeastOne = true;
         }
     }