diff --git a/pandora_console/general/last_message.php b/pandora_console/general/last_message.php
index dbf2266b37..01c6af40b2 100644
--- a/pandora_console/general/last_message.php
+++ b/pandora_console/general/last_message.php
@@ -44,10 +44,10 @@ if (is_ajax()) {
// Prints first step pandora registration
echo '
';
+ io_safe_output($message['db_field_value']) . '">';
echo '
';
- echo $message["data"];
+ echo io_safe_output_html($message["data"]);
echo '
';
echo '
';
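Review bot: On the added line `io_safe_output($message['db_field_value']) . '">'` the subject is decoded from HTML entities immediately before it is concatenated into what looks like an HTML attribute value (the literal closes with `">`), so any quote or tag in a message subject is written raw into the markup; the same decode-then-print pattern appears in update_manager.messages.php at `$data[2] = io_safe_output($message['db_field_value']);`, where the value goes into a table cell. The subject is stored already entity-encoded by io_safe_input in functions_update_manager.php, and that encoded form is what an HTML context needs, so either print `$message['db_field_value']` as stored or re-escape the decoded value with `htmlspecialchars($subject, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` before it enters the attribute. The echo statement this line belongs to is only partly visible in the hunk, so the exact attribute cannot be confirmed from here.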
diff --git a/pandora_console/godmode/update_manager/update_manager.messages.php b/pandora_console/godmode/update_manager/update_manager.messages.php
index 802f22320f..06646fd931 100644
--- a/pandora_console/godmode/update_manager/update_manager.messages.php
+++ b/pandora_console/godmode/update_manager/update_manager.messages.php
@@ -144,7 +144,7 @@ if ($total_messages){
$data[1] = $message['svn_version'];
$table->cellclass[count($table->data)][1] = 'um_individual_info';
- $data[2] = $message['db_field_value'];
+ $data[2] = io_safe_output($message['db_field_value']);
$table->cellclass[count($table->data)][2] = 'um_individual_subject';
diff --git a/pandora_console/include/functions_update_manager.php b/pandora_console/include/functions_update_manager.php
index 4a25f7fbc6..2b3da3b53e 100755
--- a/pandora_console/include/functions_update_manager.php
+++ b/pandora_console/include/functions_update_manager.php
@@ -524,6 +524,7 @@ function update_manager_register_instance () {
}
function update_manager_download_messages () {
+ include_once ("include/functions_io.php");
global $config;
if (!isset ($config['pandora_uid'])) return;
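Review bot: The new `include_once ("include/functions_io.php")` is resolved against the working directory and include_path rather than the console root, and it is placed before `global $config;`, so the configured home directory is not available to it. Placing it after the global declaration and anchoring it, `global $config; include_once ($config['homedir'] . '/include/functions_io.php');`, makes the include independent of where the script is invoked from. update_manager_download_messages continues past the end of this hunk.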
@@ -554,9 +555,11 @@ function update_manager_download_messages () {
if ($message['success'] == 1) {
foreach ($message['messages'] as $single_message) {
// Convert subject -> db_field_value; message_html -> data; expiration -> filename; message_id -> svn_version
- $single_message['db_field_value'] = $single_message['subject'];
+ $single_message['db_field_value'] = io_safe_input($single_message['subject']);
unset ($single_message['subject']);
- $single_message['data'] = $single_message['message_html'];
+ $single_message['data'] = io_safe_input_html($single_message['message_html']);
+ // It is mandatory to prepend a backslash to all single quotes
+ $single_message['data'] = preg_replace ('/\'/','\\\'', $single_message['data']);
unset ($single_message['message_html']);
$single_message['filename'] = $single_message['expiration'];
unset ($single_message['expiration']);
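Review bot: The added `preg_replace ('/\'/','\\\'', $single_message['data'])` hand-escapes only single quotes, which from the accompanying comment appears to be aimed at a query string assembled by concatenation further down (outside this hunk); a backslash in message_html is left untouched, so the escaping is incomplete, and if the value is ever written through a bound parameter instead the stored row would carry the literal backslash. Prefer to leave `data` as returned by io_safe_input_html and let the database layer escape or bind it at the insert; if the replacement has to stay, `str_replace("'", "\\'", $single_message['data'])` expresses the same thing without a regex, and the comment should say which query the escaping is for. The enclosing function starts before and ends after this hunk.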