diff --git a/main/document/document.php b/main/document/document.php
index 74450838c7..f7ab1f9c7e 100755
--- a/main/document/document.php
+++ b/main/document/document.php
@@ -1090,7 +1090,7 @@ if ($isAllowedToEdit || $groupMemberWithUploadRights ||
 false,
 $curdirpath
 );
- $moveForm .= ''.get_lang('Move').': '.$document_to_move['title'].'';
+ $moveForm .= ''.get_lang('Move').': '.Security::remove_XSS($document_to_move['title']).'';
 // filter if is my shared folder. TODO: move this code to build_move_to_selector function
 if (DocumentManager::is_my_shared_folder(api_get_user_id(), $curdirpath, $sessionId) &&
diff --git a/main/inc/lib/document.lib.php b/main/inc/lib/document.lib.php
index ed784eff30..38fb79e057 100644
--- a/main/inc/lib/document.lib.php
+++ b/main/inc/lib/document.lib.php
@@ -5049,7 +5049,7 @@ class DocumentManager
 if (is_array($folders)) {
 $escaped_folders = [];
- foreach ($folders as $key => &$val) {
+ foreach ($folders as $key => $val) {
 $escaped_folders[$key] = Database::escape_string($val);
 }
 $folder_sql = implode("','", $escaped_folders);
@@ -5097,6 +5097,7 @@ class DocumentManager
 } else {
 $label = ' — '.$folder_titles[$folder];
 }
+ $label = Security::remove_XSS($label);
 $parent_select->addOption($label, $folder_id);
 if ($selected != '') {
 $parent_select->setSelected($folder_id);
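Review bot: `Security::remove_XSS` on the added `$moveForm` line is a content filter rather than an HTML escaper, so a plain-text title such as `Q&A <draft>` is rewritten instead of shown verbatim; if remove_XSS is the purifier-based filter (its implementation is not visible here), a title emitted as text inside HTML wants context escaping, `': '.htmlspecialchars($document_to_move['title'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. The empty `''` literals on either side of the concatenation add nothing and may be the remains of stripped markup; worth dropping them or restoring whatever they wrapped. The `if ($isAllowedToEdit || …)` block this line belongs to starts before the hunk, so whether the title is also escaped where `$moveForm` is finally echoed could not be checked.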
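Review bot: Dropping the `&` fixes the dangling-reference foreach, but `$folder_sql` on the last context line is still hand-assembled SQL: `Database::escape_string` only neutralises quote characters, so this stays safe only while the `IN (…)` clause built past the hunk keeps single quotes around the joined values, and nothing in the code records that coupling; a comment such as `// escaped for use inside single quotes in the IN ('...') list built below` would pin it. As a matter of style, the key-indexed loop reads more directly as `$escaped_folders = array_map(['Database', 'escape_string'], $folders);`, which preserves keys just as the loop does. The enclosing method starts and ends outside the hunk.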
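Review bot: The new `$label = Security::remove_XSS($label);` runs the filter over the whole assembled label, including the `' — '` prefix the code adds itself and whatever the `if` branch cut off above the hunk builds, rather than over the one untrusted piece; applying it to `$folder_titles[$folder]` where that value is read keeps the prefix logic out of the sanitiser's reach, and since option text is plain text, escaping it (`htmlspecialchars($folder_titles[$folder], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`) leaves titles containing `&` or `<` intact where a purifier-style filter would rewrite them. Whether `$parent_select->addOption()` escapes option text itself is not visible here; if it does, this line double-encodes and the fix belongs at the source of `$folder_titles` instead. The surrounding loop and method start and end outside the hunk.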