diff --git a/omod/src/main/java/org/openmrs/web/servlet/QuickReportServlet.java b/omod/src/main/java/org/openmrs/web/servlet/QuickReportServlet.java
index 6d72c7b7..afe3d280 100644
--- a/omod/src/main/java/org/openmrs/web/servlet/QuickReportServlet.java
+++ b/omod/src/main/java/org/openmrs/web/servlet/QuickReportServlet.java
@@ -45,6 +45,7 @@ import org.openmrs.util.OpenmrsConstants;
 import org.openmrs.util.PrivilegeConstants;
 import org.openmrs.web.WebConstants;
+import org.openmrs.web.WebUtil;
 public class QuickReportServlet extends HttpServlet {
@@ -62,6 +63,7 @@ protected void doGet(HttpServletRequest request, HttpServletResponse response) t
 session.setAttribute(WebConstants.OPENMRS_ERROR_ATTR, "error.null");
 return;
 }
+
 if (!Context.hasPrivilege(PrivilegeConstants.GET_PATIENTS)) {
 session.setAttribute(WebConstants.OPENMRS_ERROR_ATTR, "Privilege required: " + PrivilegeConstants.GET_PATIENTS);
 session.setAttribute(WebConstants.OPENMRS_LOGIN_REDIRECT_HTTPSESSION_ATTR, request.getRequestURI() + "?"
@@ -70,6 +72,8 @@ protected void doGet(HttpServletRequest request, HttpServletResponse response) t
 return;
 }
+ reportType = WebUtil.escapeHTML(reportType);
+
 try {
 Velocity.init();
 }
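Review bot: `reportType = WebUtil.escapeHTML(reportType);` in the last hunk applies output encoding at input time, so it neutralises only HTML-special characters and only helps where `reportType` is later written verbatim into an HTML response; how the value is actually used is outside the hunk, but since it is escaped right before `Velocity.init()` it presumably selects or feeds a report template, and HTML escaping constrains neither a template name, a file lookup nor Velocity directives (`$`, `#`). A request parameter that decides which report runs is better handled by allow-list validation at this point, e.g. `if (!KNOWN_REPORT_TYPES.contains(reportType)) { session.setAttribute(WebConstants.OPENMRS_ERROR_ATTR, "error.null"); return; }` with the supported report names declared as a constant, leaving HTML escaping to the template that renders the value. If the escaped value is also compared against expected names further down, note that escaping rewrites the string and can break a legitimate match. The enclosing `doGet` starts before and ends after this hunk, so the null check and the later uses of `reportType` are not visible here.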