diff --git a/app/Views/receivings/receiving.php b/app/Views/receivings/receiving.php
index 7a39ab682..f516c1d6d 100644
--- a/app/Views/receivings/receiving.php
+++ b/app/Views/receivings/receiving.php
@@ -137,7 +137,7 @@ if (isset($success)) {
                         <td><?= esc($item['item_number']) ?></td>
                         <td style="text-align: center;">
                             <?= esc($item['name'] . ' ' . implode(' ', [$item['attribute_values'], $item['attribute_dtvalues']])) ?><br>
-                            <?= '[' . to_quantity_decimals($item['in_stock']) . ' in ' . $item['stock_name'] . ']' ?>
+                            <?= '[' . to_quantity_decimals($item['in_stock']) . ' in ' . esc($item['stock_name']) . ']' ?>
                             <?= form_hidden('location', (string)$item['item_location']) ?>
                         </td>
 
diff --git a/app/Views/sales/register.php b/app/Views/sales/register.php
index f0ca9df98..12fc10c08 100644
--- a/app/Views/sales/register.php
+++ b/app/Views/sales/register.php
@@ -181,7 +181,7 @@ helper('url');
                                 <td style="align: center;">
                                     <?= esc($item['name']) . ' ' . implode(' ', [$item['attribute_values'], $item['attribute_dtvalues']]) ?>
                                     <br>
-                                    <?php if ($item['stock_type'] == '0'): echo '[' . to_quantity_decimals($item['in_stock']) . ' in ' . $item['stock_name'] . ']';
+                                    <?php if ($item['stock_type'] == '0'): echo '[' . to_quantity_decimals($item['in_stock']) . ' in ' . esc($item['stock_name']) . ']';
                                     endif; ?>
                                 </td>
                             <?php } ?>