diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php
index 19517973882..4738aa90419 100644
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@@ -1775,7 +1775,7 @@ function top_menu_user(User $user, Translate $langs)
$dropdownBody.= '
';
$dropdownBody.= '
'.$langs->trans("Session").'';
- $dropdownBody.= '
'.$langs->trans("IPAddress").': '.$_SERVER["REMOTE_ADDR"];
+ $dropdownBody.= '
'.$langs->trans("IPAddress").': '.dol_escape_htmltag($_SERVER["REMOTE_ADDR"]);
if (! empty($conf->global->MAIN_MODULE_MULTICOMPANY)) $dropdownBody.= '
'.$langs->trans("ConnectedOnMultiCompany").': '.$conf->entity.' (user entity '.$user->entity.')';
$dropdownBody.= '
'.$langs->trans("AuthenticationMode").': '.$_SESSION["dol_authmode"].(empty($dolibarr_main_demo)?'':' (demo)');
$dropdownBody.= '
'.$langs->trans("ConnectedSince").': '.dol_print_date($user->datelastlogin, "dayhour", 'tzuser');
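Review bot: Several values next to the newly escaped ones are still appended to `$dropdownBody` raw: in this hunk `$_SESSION["dol_authmode"]`, and in the second hunk (`@@ -1784,7`) `$conf->browser->name`, `$conf->browser->version`, `$conf->browser->layout`, `$_SESSION['dol_screenwidth']` and `$_SESSION['dol_screenheight']`. Where these are populated is not visible here, but the browser fields are presumably parsed from the same User-Agent header this commit escapes, and the screen dimensions presumably come from a client-submitted login form, so they should get the same output encoding. I would wrap each at the point of output, e.g. `dol_escape_htmltag($conf->browser->name)` and `dol_escape_htmltag($_SESSION["dol_authmode"])`, and cast the screen dimensions with `(int)`. `top_menu_user` starts and ends outside both hunks, so the remaining concatenations in its body may need the same check.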
@@ -1784,7 +1784,7 @@ function top_menu_user(User $user, Translate $langs)
$dropdownBody.= '
'.$langs->trans("CurrentMenuManager").': '.$menumanager->name;
$langFlag=picto_from_langcode($langs->getDefaultLang());
$dropdownBody.= '
'.$langs->trans("CurrentUserLanguage").': '.($langFlag?$langFlag.' ':'').$langs->getDefaultLang();
- $dropdownBody.= '
'.$langs->trans("Browser").': '.$conf->browser->name.($conf->browser->version?' '.$conf->browser->version:'').' ('.$_SERVER['HTTP_USER_AGENT'].')';
+ $dropdownBody.= '
'.$langs->trans("Browser").': '.$conf->browser->name.($conf->browser->version?' '.$conf->browser->version:'').' ('.dol_escape_htmltag($_SERVER['HTTP_USER_AGENT']).')';
$dropdownBody.= '
'.$langs->trans("Layout").': '.$conf->browser->layout;
$dropdownBody.= '
'.$langs->trans("Screen").': '.$_SESSION['dol_screenwidth'].' x '.$_SESSION['dol_screenheight'];
if ($conf->browser->layout == 'phone') $dropdownBody.= '
'.$langs->trans("Phone").': '.$langs->trans("Yes");