diff --git a/plugins/fields/imagelist/tmpl/imagelist.php b/plugins/fields/imagelist/tmpl/imagelist.php
index 2ad821770ab5d..65cfa013880fc 100644
--- a/plugins/fields/imagelist/tmpl/imagelist.php
+++ b/plugins/fields/imagelist/tmpl/imagelist.php
@@ -32,7 +32,7 @@
 	}
 
 	$buffer .= '<img src="images/' . $fieldParams->get('directory', '/')
-				. '/' . $path . '"' . $class . '/>';
+				. '/' . htmlentities($path) . '"' . $class . '/>';
 }
 
 echo $buffer;
diff --git a/plugins/fields/integer/tmpl/integer.php b/plugins/fields/integer/tmpl/integer.php
index 0a84d6f6ecc4f..559931fb1cdb4 100644
--- a/plugins/fields/integer/tmpl/integer.php
+++ b/plugins/fields/integer/tmpl/integer.php
@@ -21,4 +21,4 @@
 	$value = implode(', ', $value);
 }
 
-echo htmlentities($value);
+echo (int) $value;
diff --git a/plugins/fields/media/tmpl/media.php b/plugins/fields/media/tmpl/media.php
index a0aa17fbf9f87..8648260b79161 100644
--- a/plugins/fields/media/tmpl/media.php
+++ b/plugins/fields/media/tmpl/media.php
@@ -31,7 +31,7 @@
 		continue;
 	}
 
-	$buffer .= '<img src="' . $path . '"' . $class . '/>';
+	$buffer .= '<img src="' . htmlentities($path) . '"' . $class . '/>';
 }
 
 echo $buffer;
diff --git a/plugins/fields/url/tmpl/url.php b/plugins/fields/url/tmpl/url.php
index 19fab6a165579..349c9876f7041 100644
--- a/plugins/fields/url/tmpl/url.php
+++ b/plugins/fields/url/tmpl/url.php
@@ -22,4 +22,4 @@
 	$attributes = 'rel="nofollow noopener noreferrer" target="_blank"';
 }
 
-echo '<a href="' . $value . '" ' . $attributes . '>' . $value . '</a>';
+echo '<a href="' . htmlspecialchars($value) . '" ' . $attributes . '>' . htmlspecialchars($value) . '</a>';