diff --git a/htdocs/product/class/product.class.php b/htdocs/product/class/product.class.php
index f2611e80000..fde8c453a2e 100644
--- a/htdocs/product/class/product.class.php
+++ b/htdocs/product/class/product.class.php
@@ -5049,7 +5049,7 @@ class Product extends CommonObject
 				$result .= (img_object(($notooltip ? '' : $label), 'service', ($notooltip ? 'class="paddingright"' : 'class="paddingright classfortooltip"'), 0, 0, $notooltip ? 0 : 1));
 			}
 		}
-		$result .= $newref;
+		$result .= dol_escape_htmltag($newref);
 		$result .= $linkend;
 		if ($withpicto != 2) {
 			$result .= (($add_label && $this->label) ? $sep.dol_trunc($this->label, ($add_label > 1 ? $add_label : 0)) : '');
diff --git a/htdocs/product/stock/massstockmove.php b/htdocs/product/stock/massstockmove.php
index 31b2aa8e187..4da9156e955 100644
--- a/htdocs/product/stock/massstockmove.php
+++ b/htdocs/product/stock/massstockmove.php
@@ -336,11 +336,11 @@ if ($action == 'importCSV' && !empty($user->rights->stock->mouvement->creer)) {
 					continue;
 				}
 				//var_dump($data);
-				$tmp_id_sw = (int) $data[$i][0]['val'];
-				$tmp_id_tw = (int) $data[$i][1]['val'];
-				$tmp_id_product = (int) $data[$i][2]['val'];
-				$tmp_qty = price2num((float) $data[$i][3]['val'], 'MS');
-				$tmp_batch = dol_escape_htmltag($data[$i][4]['val']);
+				$tmp_id_sw = $data[$i][0]['val'];
+				$tmp_id_tw = $data[$i][1]['val'];
+				$tmp_id_product = $data[$i][2]['val'];
+				$tmp_qty = $data[$i][3]['val'];
+				$tmp_batch = $data[$i][4]['val'];
 
 				if (!is_numeric($tmp_id_product)) {
 					$result = fetchref($productstatic, $tmp_id_product);
@@ -604,11 +604,11 @@ print '</td>';
 if (isModEnabled('productbatch')) {
 	print '<td>';
 	print img_picto($langs->trans("LotSerial"), 'lot', 'class="paddingright"');
-	print '<input type="text" name="batch" class="flat maxwidth50" value="'.$batch.'">';
+	print '<input type="text" name="batch" class="flat maxwidth50" value="'.dol_escape_htmltag($batch).'">';
 	print '</td>';
 }
 // Qty
-print '<td class="center"><input type="text" class="flat maxwidth50" name="qty" value="'.$qty.'"></td>';
+print '<td class="center"><input type="text" class="flat maxwidth50" name="qty" value="'.price2num((float) $qty, 'MS').'"></td>';
 // Button to add line
 print '<td class="right"><input type="submit" class="button" name="addline" value="'.dol_escape_htmltag($titletoadd).'"></td>';
 
@@ -641,14 +641,14 @@ foreach ($listofdata as $key => $val) {
 		print $warehousestatict->getNomUrl(1);
 		print '</td>';
 		print '<td>';
-		print $productstatic->getNomUrl(1).' - '.$productstatic->label;
+		print $productstatic->getNomUrl(1).' - '.dol_escape_htmltag($productstatic->label);
 		print '</td>';
 		if (isModEnabled('productbatch')) {
 			print '<td>';
-			print $val['batch'];
+			print dol_escape_htmltag($val['batch']);
 			print '</td>';
 		}
-		print '<td class="center">'.$val['qty'].'</td>';
+		print '<td class="center">'.price2num((float) $val['qty'], 'MS').'</td>';
 		print '<td class="right"><a href="'.$_SERVER["PHP_SELF"].'?action=delline&token='.newToken().'&idline='.$val['id'].'">'.img_delete($langs->trans("Remove")).'</a></td>';
 		print '</tr>';
 	}