diff --git a/app/pin_numbers/pin_numbers.php b/app/pin_numbers/pin_numbers.php
index 3b232bcf44..74a68c184f 100644
--- a/app/pin_numbers/pin_numbers.php
+++ b/app/pin_numbers/pin_numbers.php
@@ -140,7 +140,7 @@
 	if (is_array($result)) {
 		foreach($result as $row) {
 			if (permission_exists('pin_number_edit')) {
-				$tr_link = "href='pin_number_edit.php?id=".$row['pin_number_uuid']."'";
+				$tr_link = "href='pin_number_edit.php?id=".escape($row['pin_number_uuid'])."'";
 			}
 			echo "<tr ".$tr_link.">\n";
 			echo "	<td valign='top' class='".$row_style[$c]."'>".$row['pin_number']."&nbsp;</td>\n";
@@ -149,10 +149,10 @@
 			echo "	<td valign='top' class='".$row_style[$c]."'>".$row['description']."&nbsp;</td>\n";
 			echo "	<td class='list_control_icons'>";
 			if (permission_exists('pin_number_edit')) {
-				echo "<a href='pin_number_edit.php?id=".$row['pin_number_uuid']."' alt='".$text['button-edit']."'>$v_link_label_edit</a>";
+				echo "<a href='pin_number_edit.php?id=".escape($row['pin_number_uuid'])."' alt='".$text['button-edit']."'>$v_link_label_edit</a>";
 			}
 			if (permission_exists('pin_number_delete')) {
-				echo "<a href='pin_number_delete.php?id=".$row['pin_number_uuid']."' alt='".$text['button-delete']."' onclick=\"return confirm('".$text['confirm-delete']."')\">$v_link_label_delete</a>";
+				echo "<a href='pin_number_delete.php?id=".escape($row['pin_number_uuid'])."' alt='".$text['button-delete']."' onclick=\"return confirm('".$text['confirm-delete']."')\">$v_link_label_delete</a>";
 			}
 			echo "	</td>\n";
 			echo "</tr>\n";