Index: /views/mods/mod_productindex/layouts/grid.phtml
===================================================================
--- /views/mods/mod_productindex/layouts/grid.phtml	(revision 6809)
+++ /views/mods/mod_productindex/layouts/grid.phtml	(revision 6812)
@@ -32,5 +32,5 @@
 
  		<?php parse_str($_SERVER['QUERY_STRING'], $arGET); if (wpsg_isSizedArray($arGET)) { foreach ($arGET as $key => $value) { if (!wpsg_isSizedArray($value)) { ?>
- 		<input type="hidden" name="<?php echo $key; ?>" value="<?php echo $value; ?>" />
+ 		<input type="hidden" name="<?php echo $key; ?>" value="<?php echo htmlspecialchars($value); ?>" />
  		<?php } } } ?>
 
Index: /views/mods/mod_productindex/layouts/list.phtml
===================================================================
--- /views/mods/mod_productindex/layouts/list.phtml	(revision 6809)
+++ /views/mods/mod_productindex/layouts/list.phtml	(revision 6812)
@@ -30,5 +30,5 @@
 
  		<?php parse_str($_SERVER['QUERY_STRING'], $arGET); if (wpsg_isSizedArray($arGET)) { foreach ($arGET as $key => $value) { if (!wpsg_isSizedArray($value)) { ?>
- 		<input type="hidden" name="<?php echo $key; ?>" value="<?php echo $value; ?>" />
+ 		<input type="hidden" name="<?php echo $key; ?>" value="<?php echo htmlspecialchars($value); ?>" />
  		<?php } } } ?>