diff --git a/main/inc/lib/TicketManager.php b/main/inc/lib/TicketManager.php
index b997f3e4406..4835673657c 100644
--- a/main/inc/lib/TicketManager.php
+++ b/main/inc/lib/TicketManager.php
@@ -1277,6 +1277,7 @@ public static function get_ticket_detail_by_id($ticketId)
 $result_attach = Database::query($sql);
 while ($row2 = Database::fetch_assoc($result_attach)) {
+ $row2['filename'] = Security::remove_XSS($row2['filename']);
 $archiveURL = $webPath.'ticket/download.php?ticket_id='.$ticketId.'&id='.$row2['id'];
 $row2['attachment_link'] = $attach_icon.
 ' '.$row2['filename'].' ('.$row2['size'].')';
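Review bot: `$row2['size']` is still concatenated into `attachment_link` unencoded, in the same statement that uses the newly filtered `$row2['filename']`; unless that column can only ever hold a server-computed number, it needs the same treatment, e.g. `$row2['size'] = Security::remove_XSS($row2['size']);` next to the added line. A stored filename is plain text, so for the link text an encoder such as `htmlspecialchars($row2['filename'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` is the context-correct choice; a filter like `Security::remove_XSS` presumably strips script but may let permitted markup through. The fix is applied at read time in this one loop, so any other code path that prints attachment filenames from the same table (none is visible here) would stay exposed unless the name is also validated when the upload is stored. The `while` loop and `get_ticket_detail_by_id` both continue outside the hunk.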