diff --git a/www/class/centreonCommand.class.php b/www/class/centreonCommand.class.php
index 7d57c968a1c06f7f383d476d2f84d8d821149b32..9a0f8b9eb5dc8b96dbad692379b6def02d77a5db 100755
--- a/www/class/centreonCommand.class.php
+++ b/www/class/centreonCommand.class.php
@@ -253,7 +253,7 @@ class CentreonCommand
             while ($row = $dbResult->fetchRow()) {
                 $arr['id'] = $row['command_macro_id'];
                 $arr['name'] = $row['command_macro_name'];
-                $arr['description'] = $row['command_macro_desciption'];
+                $arr['description'] = htmlentities($row['command_macro_desciption']);
                 $arr['type'] = $sType;
                 $aReturn[] = $arr;
             }
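Review bot: `$arr['name']`, two lines above the changed line, comes from the same row and is still returned unencoded, so if the description needs encoding for HTML output the macro name presumably does too: `$arr['name'] = htmlentities($row['command_macro_name'], ENT_QUOTES, 'UTF-8');`. The added call relies on the default flags of htmlentities(), which before PHP 8.1 leave single quotes unencoded; passing `ENT_QUOTES, 'UTF-8'` explicitly makes the result independent of the runtime version. Encoding inside this data-access loop also means every caller receives entity-encoded text, so any caller that writes the value back to the database or emits it in a non-HTML context should be checked; those callers and the rest of the method are outside this hunk.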
diff --git a/www/include/configuration/configObject/command/formArguments.php b/www/include/configuration/configObject/command/formArguments.php
index e806354fe33a5f33a68569ef920708eae35dc689..1ba317b4f2a9dfd53ae208e71793533dc4425927 100644
--- a/www/include/configuration/configObject/command/formArguments.php
+++ b/www/include/configuration/configObject/command/formArguments.php
@@ -62,12 +62,13 @@ if (isset($_GET['cmd_line']) && $_GET['cmd_line']) {
 }
 
 if (isset($_GET['textArea']) && $_GET['textArea']) {
-    $tab = preg_split("/\;\;\;/", $_GET['textArea']);
+    $textArea = urldecode($_GET['textArea']);
+    $tab = preg_split("/\;\;\;/", $textArea);
     foreach ($tab as $key => $value) {
         $tab2 = preg_split("/\ \:\ /", $value, 2);
         $index = str_replace("ARG", "", $tab2[0]);
         if (isset($tab2[0]) && $tab2[0]) {
-            $args[$index] = $tab2[1];
+            $args[$index] = htmlentities($tab2[1]);
         }
     }
 }
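Review bot: The added `urldecode($_GET['textArea'])` decodes a value that PHP has already URL-decoded when it populated `$_GET`, so an argument description containing a literal `%41` or `+` is altered a second time; with the client now sending `encodeURIComponent` output, `$tab = preg_split("/\;\;\;/", $_GET['textArea']);` is sufficient. In the loop, `$tab2[1]` is read without checking that the split produced two parts, so the guard would be safer as `if (!empty($tab2[0]) && isset($tab2[1])) {`. The new `htmlentities($tab2[1])` should also pass `ENT_QUOTES, 'UTF-8'` explicitly, since the default flags before PHP 8.1 do not encode single quotes.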
diff --git a/www/include/configuration/configObject/command/javascript/commandJs.php b/www/include/configuration/configObject/command/javascript/commandJs.php
index c25034c4791bde264165dbe60483efc7245193d9..df61a49c0821a4fdec3c295d83a13fe11e9a48ac 100644
--- a/www/include/configuration/configObject/command/javascript/commandJs.php
+++ b/www/include/configuration/configObject/command/javascript/commandJs.php
@@ -45,7 +45,7 @@ function goPopup() {
 
     listArea = document.getElementById('listOfArg');
     tmpStr = listArea.value;
-    tmpStr = tmpStr.replace(reg, ";;;");
+    tmpStr = encodeURIComponent(tmpStr.replace(reg, ";;;"));
     cmd_line = document.getElementById('command_line').value;
 
     Modalbox.show('./include/configuration/configObject/command/formArguments.php?cmd_line=' + cmd_line + '&textArea=' + tmpStr, {title: 'Argument description', width:800});
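Review bot: `cmd_line` is still concatenated into the Modalbox URL unencoded on the last line of this hunk, so a command line containing `&`, `#` or `+` is truncated or changes the query string that formArguments.php receives, including the `textArea` parameter this commit is hardening. It should get the same treatment as `tmpStr`: `cmd_line = encodeURIComponent(document.getElementById('command_line').value);`. How formArguments.php handles `cmd_line` before output is not visible in this diff beyond the `isset($_GET['cmd_line'])` context line, so that side should be checked as well. The body of goPopup starts and ends outside the hunk.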
@@ -101,10 +101,10 @@ function setMacrosDescriptions() {
             }
             tmpStr2 += "MACRO ("+ type +") "+ document.getElementById('macro_'+i).value + " : " + document.getElementById('desc_'+i).value + "\n";
     }
-        
+
     listArea.cols= 100;
     listArea.rows= i;
-        
+
     listArea.value = tmpStr2;
     listDiv.style.visibility = "visible";
     Modalbox.hide();
@@ -139,4 +139,4 @@ function checkType(value) {
     jQuery('form#Form').attr('action', action);
 }
 
-</script>
\ No newline at end of file
+</script>