Index: mod_cmd/class.tx_dam_cmd_filerename.php
===================================================================
--- mod_cmd/class.tx_dam_cmd_filerename.php	(revision 29820)
+++ mod_cmd/class.tx_dam_cmd_filerename.php	(working copy)
@@ -162,7 +162,7 @@
 
 
 		if($this->meta['uid']) {
-			$msg[] = $this->pObj->getFormInputField('title', $this->meta['title'], 30);
+			$msg[] = $this->pObj->getFormInputField('title', htmlspecialchars($this->meta['title']), 30);
 			$msg[] = $this->pObj->getFormInputField('file_name', $this->meta['file_name'], 30);
 			$msg[] = $this->pObj->getFormInputField('file_dl_name', $this->meta['file_dl_name'], 30);
 		} else {