diff --git a/code/MemberTableField.php b/code/MemberTableField.php
index 279bc6c6..58e28cd3 100755
--- a/code/MemberTableField.php
+++ b/code/MemberTableField.php
@@ -349,7 +349,7 @@ class MemberTableField extends ComplexTableField {
$message = sprintf(
_t('ComplexTableField.SUCCESSADD', 'Added %s %s %s'),
$childData->singular_name(),
- '' . $childData->Title . '',
+ '' . htmlspecialchars($childData->Title, ENT_QUOTES) . '',
$closeLink
);
$form->sessionMessage($message, 'good');