diff --git a/security/CMSSecurity.php b/security/CMSSecurity.php
index 69f6e9fc5..2fb1c97f5 100644
--- a/security/CMSSecurity.php
+++ b/security/CMSSecurity.php
@@ -86,7 +86,7 @@ class CMSSecurity extends Security {
 				'CMSSecurity.TimedOutTitleMember',
 				'Hey {name}!<br />Your session has timed out.',
 				'Title for CMS popup login form for a known user',
-				array('name' => $member->FirstName)
+				array('name' => Convert::raw2xml($member->FirstName))
 			);
 		} else {
 			return _t(
diff --git a/security/MemberLoginForm.php b/security/MemberLoginForm.php
index ded8cfc9b..b9bb8ce67 100644
--- a/security/MemberLoginForm.php
+++ b/security/MemberLoginForm.php
@@ -139,7 +139,7 @@ JS;
 			$this->message = _t(
 				'Member.LOGGEDINAS',
 				"You're logged in as {name}.",
-				array('name' => $member->{$this->loggedInAsField})
+				array('name' => Convert::raw2xml($member->{$this->loggedInAsField}))
 			);
 		}