diff --git a/common/data/src/main/java/org/thingsboard/server/common/data/ai/AiModel.java b/common/data/src/main/java/org/thingsboard/server/common/data/ai/AiModel.java
index 4d7bb21930..3564f8dee0 100644
--- a/common/data/src/main/java/org/thingsboard/server/common/data/ai/AiModel.java
+++ b/common/data/src/main/java/org/thingsboard/server/common/data/ai/AiModel.java
@@ -32,6 +32,7 @@ import org.thingsboard.server.common.data.id.AiModelId;
 import org.thingsboard.server.common.data.id.TenantId;
 import org.thingsboard.server.common.data.validation.Length;
 import org.thingsboard.server.common.data.validation.NoNullChar;
+import org.thingsboard.server.common.data.validation.NoXss;
 import java.io.Serial;
@@ -64,6 +65,7 @@ public final class AiModel extends BaseData implements HasTenantId, H
 @NotBlank
 @NoNullChar
 @Length(min = 1, max = 255)
+ @NoXss
 @Schema(
 requiredMode = Schema.RequiredMode.REQUIRED,
 accessMode = Schema.AccessMode.READ_WRITE,
diff --git a/common/data/src/main/java/org/thingsboard/server/common/data/oauth2/OAuth2Client.java b/common/data/src/main/java/org/thingsboard/server/common/data/oauth2/OAuth2Client.java
index 6396ecb7b8..e6b6c1ff6f 100644
--- a/common/data/src/main/java/org/thingsboard/server/common/data/oauth2/OAuth2Client.java
+++ b/common/data/src/main/java/org/thingsboard/server/common/data/oauth2/OAuth2Client.java
@@ -30,6 +30,7 @@ import org.thingsboard.server.common.data.HasTenantId;
 import org.thingsboard.server.common.data.id.OAuth2ClientId;
 import org.thingsboard.server.common.data.id.TenantId;
 import org.thingsboard.server.common.data.validation.Length;
+import org.thingsboard.server.common.data.validation.NoXss;
 import java.util.List;
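Review bot: In the `@@ -64,6 +65,7 @@` hunk of AiModel.java the new `@NoXss` is a validation constraint, so it presumably rejects markup only when the entity is validated on write; values stored before this change are not re-checked and can still be returned to clients. The same applies to the `title` field in the OAuth2Client.java annotation hunk. The save paths for both entities are outside this diff, so it is worth confirming that they actually run the validator on these objects, otherwise the annotation has no effect. I would record the limit next to the annotation, e.g. `// @NoXss is enforced on save only; existing rows are not re-validated, so the UI must still escape this value.` The annotated field declaration lies past the end of the hunk.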
@@ -42,6 +43,7 @@ public class OAuth2Client extends BaseDataWithAdditionalInfo imp
 private TenantId tenantId;
 @Schema(description = "Oauth2 client title")
 @NotBlank
+ @NoXss
 @Length(fieldName = "title", max = 100, message = "cannot be longer than 100 chars")
 private String title;
 @Schema(description = "Config for mapping OAuth2 log in response to platform entities", requiredMode = Schema.RequiredMode.REQUIRED)
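Review bot: The `@Schema` description on `title` still reads only "Oauth2 client title", so API consumers get no hint that values are now subject to the `@NoXss` check. I would extend it, e.g. `@Schema(description = "Oauth2 client title; must not contain HTML or script markup")`, with the wording adjusted to what NoXss actually rejects, which this diff does not show. Separately, `@Length` passes `fieldName = "title"` while `@NoXss` is used bare, so it is worth checking that the validation error returned for a rejected title still names the field.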