diff --git a/core/src/Revolution/modDashboardWidgetInterface.php b/core/src/Revolution/modDashboardWidgetInterface.php
index 182d6c2ef4..fe95560eb6 100644
--- a/core/src/Revolution/modDashboardWidgetInterface.php
+++ b/core/src/Revolution/modDashboardWidgetInterface.php
@@ -83,8 +83,11 @@ public function process() {
 $output = $this->render();
 } catch (Throwable $t) {
 $this->controller->setPlaceholder('_e', [
- 'message' => $t->getMessage(),
- 'errors' => explode("\n", $t->getTraceAsString()),
+ 'message' => htmlspecialchars($t->getMessage(), ENT_QUOTES),
+ 'errors' => htmlspecialchars(
+ explode("\n", $t->getTraceAsString()),
+ ENT_QUOTES
+ ),
 ]);
 $output = $this->controller->fetchTemplate('error.tpl');
 }
diff --git a/core/src/Revolution/modManagerController.php b/core/src/Revolution/modManagerController.php
index fd1212ad9b..43530cc8a4 100644
--- a/core/src/Revolution/modManagerController.php
+++ b/core/src/Revolution/modManagerController.php
@@ -205,7 +205,13 @@ public function render(): string
 $tpl = $this->getTemplateFile();
 if ($this->isFailure) {
- $this->setPlaceholder('_e', $this->modx->error->failure($this->failureMessage));
+ $this->setPlaceholder(
+ '_e',
+ filter_var_array(
+ $this->modx->error->failure($this->failureMessage),
+ FILTER_SANITIZE_FULL_SPECIAL_CHARS
+ )
+ );
 $content = $this->fetchTemplate('error.tpl');
 } else {
 if (!empty($tpl)) {
diff --git a/core/src/Revolution/modManagerResponse.php b/core/src/Revolution/modManagerResponse.php
index 46b178b2fa..3e4482815b 100644
--- a/core/src/Revolution/modManagerResponse.php
+++ b/core/src/Revolution/modManagerResponse.php
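Review bot: In the new `'errors'` entry, `htmlspecialchars()` is handed the array returned by `explode()`, which it does not accept: on PHP 8 that is a TypeError thrown from inside the catch block (so the error page itself blows up), and on PHP 7 it yields null with a warning, so the trace lines are never escaped at all. Escape each line instead: `'errors' => array_map(static fn (string $line): string => htmlspecialchars($line, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'), explode("\n", $t->getTraceAsString())),`. Adding `ENT_SUBSTITUTE` (on the `'message'` line too) avoids `htmlspecialchars()` returning an empty string when the exception text contains invalid UTF-8, which would otherwise silently blank the message. If error.tpl already escapes `_e` in Smarty, this change double-encodes; worth confirming against the template. process() continues outside the hunk.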
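Review bot: `filter_var_array()` with a bare scalar filter rejects non-scalar values, so if the failure payload carries a nested array (an `errors` list, for example) that key comes back as `false` rather than escaped, and boolean or null values are coerced to strings; the template would then see a different shape than before this change. I cannot see what `$this->modx->error->failure()` returns from here, so this needs confirming against modError, but the same pattern is applied to `$this->body` in modManagerResponse::send() in the next hunk and carries the same risk. Escaping only the string leaves recursively keeps the payload shape intact, and using `ENT_QUOTES | ENT_SUBSTITUTE` with an explicit charset keeps this path consistent with the `htmlspecialchars()` call in modDashboardWidgetInterface. render() continues outside the hunk.
```php
if ($this->isFailure) {
    $failure = $this->modx->error->failure($this->failureMessage);
    // Escape only string leaves so nested arrays, booleans and nulls keep their shape.
    array_walk_recursive($failure, static function (&$value): void {
        if (is_string($value)) {
            $value = htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        }
    });
    $this->setPlaceholder('_e', $failure);
    $content = $this->fetchTemplate('error.tpl');
```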
@@ -185,7 +185,13 @@ public static function isControllerClass(string $className): bool
 public function send()
 {
 if (is_array($this->body)) {
- $this->modx->smarty->assign('_e', $this->body);
+ $this->modx->smarty->assign(
+ '_e',
+ filter_var_array(
+ $this->body,
+ FILTER_SANITIZE_FULL_SPECIAL_CHARS
+ )
+ );
 if (!file_exists($this->modx->smarty->template_dir . 'error.tpl')) {
 $templatePath = $this->modx->getOption('manager_path') . 'templates/default/';
 $this->modx->smarty->setTemplatePath($templatePath);