diff --git a/core/authentication/resources/classes/plugins/database.php b/core/authentication/resources/classes/plugins/database.php
index faf291e5a..1b161bc65 100644
--- a/core/authentication/resources/classes/plugins/database.php
+++ b/core/authentication/resources/classes/plugins/database.php
@@ -157,7 +157,7 @@ class plugin_database {
 //assign user to the template
 if (!empty($_SESSION['username'])) {
- $view->assign("username", $_SESSION['username']);
+ $view->assign("username", escape($_SESSION['username']));
 }
 //messages
diff --git a/core/authentication/resources/classes/plugins/email.php b/core/authentication/resources/classes/plugins/email.php
index b92049977..faba15e48 100644
--- a/core/authentication/resources/classes/plugins/email.php
+++ b/core/authentication/resources/classes/plugins/email.php
@@ -358,7 +358,7 @@ class plugin_email {
 $view->assign("button_verify", $text['label-verify']);
 $view->assign("message_delay", $theme_message_delay);
 if (!empty($_SESSION['username'])) {
- $view->assign("username", $_SESSION['username']);
+ $view->assign("username", escape($_SESSION['username']));
 $view->assign("button_cancel", $text['button-cancel']);
 }
diff --git a/core/authentication/resources/classes/plugins/totp.php b/core/authentication/resources/classes/plugins/totp.php
index 30856cf9b..c6d84c299 100644
--- a/core/authentication/resources/classes/plugins/totp.php
+++ b/core/authentication/resources/classes/plugins/totp.php
@@ -237,7 +237,7 @@ class plugin_totp {
 $view->assign("favicon", $theme_favicon);
 $view->assign("background_video", $theme_background_video);
 if (!empty($_SESSION['username'])) {
- $view->assign("username", $_SESSION['username']);
+ $view->assign("username", escape($_SESSION['username']));
 $view->assign("button_cancel", $text['button-cancel']);
 }
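Review bot: The escaping is applied at the `assign("username", ...)` call rather than where the template prints the value, so it is only correct if the template emits `username` in an HTML body or quoted-attribute context and does not escape it again; neither the template nor the definition of `escape()` is visible in this diff, so both should be confirmed. The same one-line change is repeated in the email.php and totp.php hunks, and this note applies to all three. I would add a comment above the call, e.g. `//username comes from the session and is HTML-escaped here; the template must print it as-is`, so that a later template-side escape does not double-encode it. Because the fix is made per call site, it is also worth checking whether any other plugin or view assigns `$_SESSION['username']` to a template without escaping. The enclosing method starts and ends outside each hunk.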