diff --git a/app/music_on_hold/music_on_hold.php b/app/music_on_hold/music_on_hold.php
index 6c4dc88554..8e9b29e055 100644
--- a/app/music_on_hold/music_on_hold.php
+++ b/app/music_on_hold/music_on_hold.php
@@ -526,7 +526,7 @@
 					}
 					if (is_array($stream_icons) && sizeof($stream_icons) > 0) {
 						foreach ($stream_icons as $stream_icon) {
-							$icons .= "<span class='glyphicon ".$stream_icon['glyphicon']." icon_glyphicon_body' title='".$stream_icon['title']."' style='width: 12px; height: 12px; margin-left: ".(($stream_icon['margin'] != '') ? $stream_icon['margin'] : 8)."px; vertical-align: text-top; cursor: help;'></span>";
+							$icons .= "<span class='glyphicon ".$stream_icon['glyphicon']." icon_glyphicon_body' title='".escape($stream_icon['title'])."' style='width: 12px; height: 12px; margin-left: ".(($stream_icon['margin'] != '') ? $stream_icon['margin'] : 8)."px; vertical-align: text-top; cursor: help;'></span>";
 						}
 					}
 
@@ -557,7 +557,7 @@
 
 				//add the uuid of to the link
 					if (permission_exists('music_on_hold_edit')) {
-						$tr_link = "href='music_on_hold_edit.php?id=".$row['music_on_hold_uuid']."'";
+						$tr_link = "href='music_on_hold_edit.php?id=".escape($row['music_on_hold_uuid'])."'";
 					}
 
 				//get the music on hold path