diff --git a/src/main/java/org/olat/core/gui/control/generic/closablewrapper/CloseableModalWindowController.java b/src/main/java/org/olat/core/gui/control/generic/closablewrapper/CloseableModalWindowController.java
index 443bfe34be010f0d1e39fcca862b0395bfb88459..3897c9d4310b50c200a1071876436e4854ef2c6b 100644
--- a/src/main/java/org/olat/core/gui/control/generic/closablewrapper/CloseableModalWindowController.java
+++ b/src/main/java/org/olat/core/gui/control/generic/closablewrapper/CloseableModalWindowController.java
@@ -19,6 +19,7 @@
  */
 package org.olat.core.gui.control.generic.closablewrapper;
 
+import org.apache.commons.lang.StringEscapeUtils;
 import org.olat.core.gui.UserRequest;
 import org.olat.core.gui.components.Component;
 import org.olat.core.gui.components.link.Link;
@@ -54,7 +55,10 @@ public class CloseableModalWindowController extends BasicController {
 	public CloseableModalWindowController(UserRequest ureq, WindowControl wControl, String title, Component modalContent, String id) {
 		super(ureq, wControl);
 		mainVC = createVelocityContainer("modalwindow");
-		if (title != null) mainVC.contextPut("title", title);
+		if (title != null) {
+			String escapedTitle = StringEscapeUtils.escapeJavaScript(StringEscapeUtils.escapeHtml(title));
+			mainVC.contextPut("title", escapedTitle);
+		}
 		mainVC.put("content", modalContent);
 		setCloseable(true);
 		setIgnoreCookie(false);