diff --git modules/system/system.admin.inc modules/system/system.admin.inc
index 68e02b1..c3a0d34 100644
--- modules/system/system.admin.inc
+++ modules/system/system.admin.inc
@@ -704,8 +704,8 @@ function system_modules($form, $form_state = array()) {
         $requires_name = $files[$requires]->info['name'];
         if ($incompatible_version = drupal_check_incompatibility($v, str_replace(DRUPAL_CORE_COMPATIBILITY . '-', '', $files[$requires]->info['version']))) {
           $extra['requires'][$requires] = t('@module (<span class="admin-missing">incompatible with</span> version @version)', array(
-            '@module' => $requires_name . $incompatible_version,
-            '@version' => $files[$requires]->info['version'],
+            '@module' => check_plain($requires_name) . $incompatible_version,
+            '@version' => check_plain($files[$requires]->info['version']),
           ));
           $extra['disabled'] = TRUE;
         }
@@ -819,13 +819,13 @@ function _system_modules_build_row($info, $extra) {
   );
   // Set the basic properties.
   $form['name'] = array(
-    '#markup' => $info['name'],
+    '#markup' => check_plain($info['name']),
   );
   $form['description'] = array(
-    '#markup' => t($info['description']),
+    '#markup' => filter_xss_admin(t($info['description'])),
   );
   $form['version'] = array(
-    '#markup' => $info['version'],
+    '#markup' => check_plain($info['version']),
   );
   $form['#requires'] = $extra['requires'];
   $form['#required_by'] = $extra['required_by'];
@@ -2437,7 +2437,7 @@ function theme_system_themes_form($variables) {
     // Fetch info
     $info = $form[$key]['info']['#value'];
     // Localize theme description.
-    $description = t($info['description']);
+    $description = filter_xss_admin(t($info['description']));
     // Make sure it is compatible and render the checkbox if so.
     if (isset($form['status']['#incompatible_themes_core'][$key])) {
       unset($form['status'][$key]);
@@ -2458,13 +2458,13 @@ function theme_system_themes_form($variables) {
     }
 
     // Style theme info
-    $theme = '<div class="theme-info"><h2>' . $info['name'] . '</h2><div class="description">' . $description . '</div></div>';
+    $theme = '<div class="theme-info"><h2>' . check_plain($info['name']) . '</h2><div class="description">' . $description . '</div></div>';
 
     // Build rows
     $row = array();
     $row[] = drupal_render($form[$key]['screenshot']);
     $row[] = $theme;
-    $row[] = isset($info['version']) ? $info['version'] : '';
+    $row[] = isset($info['version']) ? check_plain($info['version']) : '';
     $row[] = array('data' => $status, 'align' => 'center');
     if ($form['theme_default']) {
       $row[] = array('data' => drupal_render($form['theme_default'][$key]), 'align' => 'center');