diff --git a/lib/plausible/site/admin.ex b/lib/plausible/site/admin.ex
index 022bb0d90f4a..fe3b2b1b0600 100644
--- a/lib/plausible/site/admin.ex
+++ b/lib/plausible/site/admin.ex
@@ -164,11 +164,14 @@ defmodule Plausible.SiteAdmin do
     owner = site.owner
 
     if owner do
+      escaped_name = Phoenix.HTML.html_escape(owner.name) |> Phoenix.HTML.safe_to_string()
+      escaped_email = Phoenix.HTML.html_escape(owner.email) |> Phoenix.HTML.safe_to_string()
+
       {:safe,
        """
-        <a href="/crm/auth/user/#{owner.id}">#{owner.name}</a>
+        <a href="/crm/auth/user/#{owner.id}">#{escaped_name}</a>
         <br/><br/>
-        #{owner.email}
+        #{escaped_email}
        """}
     end
   end