diff --git a/lib/LedgerSMB/PSGI/Util.pm b/lib/LedgerSMB/PSGI/Util.pm
index 2d6195d69..b716a01c4 100644
--- a/lib/LedgerSMB/PSGI/Util.pm
+++ b/lib/LedgerSMB/PSGI/Util.pm
@@ -24,6 +24,7 @@ use strict;
 use warnings;
 
 use Carp;
+use HTML::Escape;
 use HTTP::Status qw( HTTP_OK HTTP_INTERNAL_SERVER_ERROR HTTP_SEE_OTHER
     HTTP_UNAUTHORIZED );
 
@@ -41,7 +42,7 @@ Returns a standard error representation for HTTP status 500
 
 
 sub internal_server_error {
-    my ($msg, $title, $company, $dbversion) = @_;
+    my ($msg, $title, $company, $dbversion) = map { escape_html($_ // '') } @_;
 
     $title //= 'Error!';
     $msg =~ s/\n/<br>/g;