diff --git a/docs/NEWS b/docs/NEWS
index 435d458d..0c8fd815 100644
--- a/docs/NEWS
+++ b/docs/NEWS
@@ -21,6 +21,8 @@ Version 2.3.3-beta1 ()
* Fix: Add valid HTTP referrer when trying to delete a
+ * Fix: Escape version string in update notifier to avoid XSS.
+
* Fix: Prevent renaming a ML object into an existing file,
resulting in deletion of both from disk and database.
diff --git a/templates/2k11/admin/overview.inc.tpl b/templates/2k11/admin/overview.inc.tpl
index 292a274e..a818b8d3 100644
--- a/templates/2k11/admin/overview.inc.tpl
+++ b/templates/2k11/admin/overview.inc.tpl
@@ -30,7 +30,7 @@
{$CONST.UPDATE_NOTIFICATION}
- {$CONST.NEW_VERSION_AVAILABLE} {$curVersion}
+ {$CONST.NEW_VERSION_AVAILABLE} {$curVersion|escape}
{$updateButton}
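Review bot: `{$updateButton}` on the line right after the newly escaped `{$curVersion|escape}` is still emitted raw, and this hunk does not show where it is built. If that markup embeds the same version string from the update notifier (in a link, title or label), it has to be escaped where the button is assembled, because escaping the whole variable here would break its HTML. The change also covers only this 2k11 template, so any other admin template that prints `$curVersion` should get the same modifier. I would spell out the context as `{$curVersion|escape:'html'}` and add a template comment such as `{* curVersion comes from the update check, presumably external data: always escape *}` so the modifier is not dropped in a later edit. Checking the string against the expected version format where it is fetched would add a second layer, though that code is outside this diff.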