diff --git a/docs/NEWS b/docs/NEWS
index 038c8466..8d86f1c8 100644
--- a/docs/NEWS
+++ b/docs/NEWS
@@ -1,6 +1,8 @@
Version 2.4-alpha1 ()
------------------------------------------------------------------------
+ * Fix: Escape version string in update notifier to avoid XSS.
+
* Fix: Prevent renaming a ML object into an existing file,
resulting in deletion of both from disk and database.
diff --git a/templates/2k11/admin/overview.inc.tpl b/templates/2k11/admin/overview.inc.tpl
index 8c89b979..8306b7a7 100644
--- a/templates/2k11/admin/overview.inc.tpl
+++ b/templates/2k11/admin/overview.inc.tpl
@@ -30,7 +30,7 @@
{$CONST.UPDATE_NOTIFICATION}
- {$CONST.NEW_VERSION_AVAILABLE} {$curVersion}
+ {$CONST.NEW_VERSION_AVAILABLE} {$curVersion|escape}
{$updateButton}
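Review bot: `{$updateButton}` on the line directly after the fixed one is still printed without any modifier, so the escaping added here covers only the `{$curVersion|escape}` text and not whatever the button markup contains. The button is presumably pre-built HTML and cannot simply be escaped in the template, so if the remotely fetched version string is also interpolated into it (not visible in this hunk), it needs to be escaped where that markup is assembled. A short template comment would make the split explicit, e.g. `{* $updateButton is pre-built HTML; escape any remote values where it is assembled *}`. As defence in depth, consider also rejecting a fetched version string that does not match the expected version format before it is assigned to the template, so other templates or themes that print `$curVersion` are covered without each needing `|escape`.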