diff --git a/app/Http/Controllers/Agent/helpdesk/TicketController.php b/app/Http/Controllers/Agent/helpdesk/TicketController.php
index 0a830d0f4..86d457edf 100755
--- a/app/Http/Controllers/Agent/helpdesk/TicketController.php
+++ b/app/Http/Controllers/Agent/helpdesk/TicketController.php
@@ -2786,7 +2786,7 @@ class TicketController extends Controller
$color = "";
}
- return "".str_limit($name, 30).' '.$color.'';
+ return "".str_limit(strip_tags($name), 30).' '.$color.'';
})
->editColumn('a_uname', function ($tickets) {
if ($tickets->assigned_to == null && $tickets->name == null) {
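Review bot: strip_tags() on the new line 9 is not an HTML escape, so `"`, `'` and `&` in `$name` still reach the markup this closure builds (the anchor tags appear to have been lost in rendering, but the string is clearly concatenated into HTML); a value like `x" onmouseover="…` is untouched by strip_tags and breaks out of a double-quoted attribute. Escape for the HTML context after truncating, so the limit cannot cut an entity in half: `return "".e(str_limit($name, 30)).' '.$color.'';`. strip_tags also silently drops legitimate text after an unclosed `<` (`strip_tags('Smith <3')` gives `Smith `), which output escaping does not. The closure this line belongs to begins above the hunk.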
@@ -2797,11 +2797,11 @@ class TicketController extends Controller
$assign = utfEncoding($tickets->a_fname).' '.utfEncoding($tickets->a_lname);
$url = route('user.show', $tickets->assigned_to);
- return "".mb_substr($assign, 0, 30, 'UTF-8').'';
+ return "".mb_substr(strip_tags($assign), 0, 30, 'UTF-8').'';
} else {
$url1 = '#';
- return "name).'''.Lang::get('lang.see-profile2')."'>".mb_substr(ucfirst($tickets->name), 0, 30, 'UTF-8').'';
+ return "name)).'''.Lang::get('lang.see-profile2')."'>".mb_substr(ucfirst(strip_tags($tickets->name)), 0, 30, 'UTF-8').'';
}
}
})
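Review bot: On line 21 `$tickets->name` is interpolated into what looks like a single-quoted `title='…'` attribute and then again as link text; strip_tags leaves single quotes alone, so a name such as `x' onmouseover='alert(1)` closes the attribute and injects a handler. Escape each interpolation for its context instead of stripping tags: use `e($tickets->name)` inside the attribute and `e(mb_substr(ucfirst($tickets->name), 0, 30, 'UTF-8'))` for the text, applying `e()` after the substring so truncation cannot split an entity. The same applies to `$assign` on line 17. The `a_uname` closure starts in the previous hunk (line 11) and its `$url1 = '#'` on line 19 appears unused in the visible lines.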
diff --git a/app/Http/Requests/helpdesk/ClientRequest.php b/app/Http/Requests/helpdesk/ClientRequest.php
index 284d06b20..66c9ba5e2 100644
--- a/app/Http/Requests/helpdesk/ClientRequest.php
+++ b/app/Http/Requests/helpdesk/ClientRequest.php
@@ -41,6 +41,8 @@ class ClientRequest extends Request
'Email' => 'required|email',
'Subject' => 'required',
'Details' => 'required',
+ 'mobile' => 'numeric',
+ 'Phone' => 'numeric',
];
$custom_rule = $this->getCustomRule();
$rules = array_merge($current_rule, $custom_rule);
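Review bot: `numeric` on the new lines 33–34 is Laravel's `is_numeric()` check, which accepts `1e9`, `-5`, `3.14` and leading whitespace, puts no bound on length (a 10,000-digit string passes), and rejects common phone input such as `+44 20 …`; it is not a phone-number constraint. A digits-only rule with a length cap is closer to the intent: `'mobile' => 'digits_between:7,15',` and `'Phone' => 'digits_between:7,15',` (or a `regex:/^\+?[0-9]{7,15}$/` if a leading `+` must be allowed). Since neither rule is `required` here, Laravel skips them on empty input, so the fields stay optional either way.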
@@ -133,7 +135,8 @@ class ClientRequest extends Request
'Email' => 'email',
'Subject' => 'required',
'Details' => 'required',
- 'mobile' => 'required',
+ 'mobile' => 'required|numeric',
+ 'Phone' => 'numeric',
];
} else {
return [
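Review bot: The `else` branch starting at line 46 returns a third rule set that lies outside the hunk; if it also carries `mobile`/`Phone` entries they remain unconstrained after this change (cannot confirm from here). The same `numeric` caveat applies as in the first hunk: it admits `1e9`, negatives and decimals and caps no length, so `digits_between:7,15` is the better fit. To keep the three branches from drifting, hoist the rule into a class constant, e.g. `const PHONE_RULE = 'digits_between:7,15';` and `'mobile' => 'required|'.self::PHONE_RULE,`.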
diff --git a/app/Model/helpdesk/Ticket/Ticket_Thread.php b/app/Model/helpdesk/Ticket/Ticket_Thread.php
index 54f06828c..2e10e347f 100644
--- a/app/Model/helpdesk/Ticket/Ticket_Thread.php
+++ b/app/Model/helpdesk/Ticket/Ticket_Thread.php
@@ -132,7 +132,7 @@ class Ticket_Thread extends Model
public function getSubject()
{
- $subject = $this->attributes['title'];
+ $subject = strip_tags($this->attributes['title']);
$array = imap_mime_header_decode($subject);
$title = '';
if (is_array($array) && count($array) > 0) {
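Review bot: strip_tags() on line 56 runs before the RFC 2047 decode on line 57, which is the wrong order: an encoded-word such as `=?UTF-8?B?PHNjcmlwdD4=?=` carries its payload base64-encoded, so markup inside it passes strip_tags untouched and only materialises when `imap_mime_header_decode` expands it. Keep line 55 as it was and sanitise the decoded `$title` where it is assembled/returned instead; that part of getSubject() lies below the hunk. Even then, strip_tags is not an output escape (`&` and quotes survive), so the subject still needs `e()`/`{{ }}` at render time.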
diff --git a/app/Model/kb/Comment.php b/app/Model/kb/Comment.php
index f48934ce2..a7072eccb 100644
--- a/app/Model/kb/Comment.php
+++ b/app/Model/kb/Comment.php
@@ -12,4 +12,24 @@ class Comment extends BaseModel
{
protected $table = 'kb_comment';
protected $fillable = ['article_id', 'name', 'email', 'website', 'comment', 'status'];
+
+ public function setNameAttribute($value)
+ {
+ $this->attributes['name'] = strip_tags($value);
+ }
+
+ public function setCommentAttribute($value)
+ {
+ $this->attributes['comment'] = strip_tags($value);
+ }
+
+ public function getNameAttribute($value)
+ {
+ return strip_tags($value);
+ }
+
+ public function getCommentAttribute($value)
+ {
+ return strip_tags($value);
+ }
}
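Review bot: `website` is fillable on line 67 but gets no mutator, and strip_tags would not help it anyway: if it is rendered as a link (cannot see the view from here), the vector is a `javascript:` URL, which needs a scheme check such as `filter_var($value, FILTER_VALIDATE_URL) !== false && in_array(parse_url($value, PHP_URL_SCHEME), ['http', 'https'], true)`. For `name` and `comment`, stripping at write time is lossy (`1 < 2 and 3 > 1` becomes `1  1`) and still not an HTML escape, since `&` and quotes pass through, so the templates must still use `{{ }}`/`e()`. If the intent is defence in depth rather than the primary control, say so in a docblock on the mutators, e.g. `/** Defence in depth only: views must still escape on output. */`.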
diff --git a/app/User.php b/app/User.php
index 9d06d5816..797f136bb 100644
--- a/app/User.php
+++ b/app/User.php
@@ -176,6 +176,35 @@ class User extends Model implements AuthenticatableContract, CanResetPasswordCon
return $this->name();
}
+ public function getFirstNameAttribute($value)
+ {
+ return strip_tags($value);
+ }
+
+ public function getLastNameAttribute($value)
+ {
+ return strip_tags($value);
+ }
+
+ public function getUserNameAttribute($value)
+ {
+ return strip_tags($value);
+ }
+
+ public function setFirstNameAttribute($value)
+ {
+ $this->attributes['first_name']=strip_tags($value);
+ }
+
+ public function setLastNameAttribute($value)
+ {
+ $this->attributes['last_name']= strip_tags($value);
+ }
+
+ public function setUserNameAttribute($value)
+ {
+ $this->attributes['user_name']= strip_tags($value);
+ }
/**
* Get the identifier that will be stored in the subject claim of the JWT.
*
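Review bot: The three mutators on lines 111–124 rewrite identity fields with strip_tags, which drops everything after an unclosed `<` (`strip_tags('Smith <3')` yields `Smith `) and does nothing for `"`, `'` or `&`, so views rendering `first_name`/`user_name` into attributes still need `e()`; for `user_name` in particular, a registrant typing `a<b` is stored as `a` and then cannot log in with the value they entered (hedged — the login lookup is not visible here). If the goal is to reject markup rather than silently alter it, a validation rule on the request (`'user_name' => 'regex:/^[\w.@-]+$/'`) is clearer than a mutator. As a style point, line 113 lacks the spaces around `=` that lines 118 and 123 have (`$this->attributes['first_name'] = strip_tags($value);`), and none of the six methods carries a docblock explaining why tags are stripped at both read and write.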
diff --git a/resources/views/themes/default1/agent/helpdesk/ticket/timeline.blade.php b/resources/views/themes/default1/agent/helpdesk/ticket/timeline.blade.php
index 370381fad..686acd1ef 100755
--- a/resources/views/themes/default1/agent/helpdesk/ticket/timeline.blade.php
+++ b/resources/views/themes/default1/agent/helpdesk/ticket/timeline.blade.php
@@ -1219,7 +1219,7 @@ if ($thread->title != "") {