diff --git a/src/controllers/admin/users.js b/src/controllers/admin/users.js
index 4ea3ebb9e5..14e50bf9eb 100644
--- a/src/controllers/admin/users.js
+++ b/src/controllers/admin/users.js
@@ -199,7 +199,7 @@ async function loadUserInfo(callerUid, uids) {
 const confirmObj = confirmObjs[index];
 user['email:expired'] = !confirmObj.expires || Date.now() >= confirmObj.expires;
 user['email:pending'] = confirmObj.expires && Date.now() < confirmObj.expires;
- user.emailToConfirm = confirmObj.email;
+ user.emailToConfirm = validator.escape(String(confirmObj.email));
 }
 }
 });
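Review bot: On the added line, `String(confirmObj.email)` turns a missing email into the literal text `undefined` (or `null`), so `user.emailToConfirm` becomes a truthy string where it was previously empty; if a confirmation object can exist without an email, guard it, e.g. `user.emailToConfirm = confirmObj.email ? validator.escape(String(confirmObj.email)) : undefined;`. The hunk adds no import, so `validator` has to be in scope already at the top of the file, which is not visible here. A short comment such as `// user-supplied pending email: escape before it is rendered` would record why this one field is encoded in the controller, and would prompt a check that whatever renders it (presumably the admin users view) does not escape it a second time. loadUserInfo starts and ends outside the hunk.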