diff --git a/common/data/src/main/java/org/thingsboard/server/common/data/mobile/bundle/MobileAppBundle.java b/common/data/src/main/java/org/thingsboard/server/common/data/mobile/bundle/MobileAppBundle.java
index 2190972d7e..b023ba89c3 100644
--- a/common/data/src/main/java/org/thingsboard/server/common/data/mobile/bundle/MobileAppBundle.java
+++ b/common/data/src/main/java/org/thingsboard/server/common/data/mobile/bundle/MobileAppBundle.java
@@ -30,6 +30,7 @@ import org.thingsboard.server.common.data.id.MobileAppId;
 import org.thingsboard.server.common.data.id.TenantId;
 import org.thingsboard.server.common.data.mobile.layout.MobileLayoutConfig;
 import org.thingsboard.server.common.data.validation.Length;
+import org.thingsboard.server.common.data.validation.NoXss;
 @EqualsAndHashCode(callSuper = true)
 @Data
@@ -40,9 +41,11 @@ public class MobileAppBundle extends BaseData implements HasT
 private TenantId tenantId;
 @Schema(description = "Application bundle title. Cannot be empty", requiredMode = Schema.RequiredMode.REQUIRED)
 @NotBlank
+ @NoXss
 @Length(fieldName = "title")
 private String title;
 @Schema(description = "Application bundle description.")
+ @NoXss
 @Length(fieldName = "description")
 private String description;
 @Schema(description = "Android application id")
diff --git a/common/data/src/main/java/org/thingsboard/server/common/data/notification/rule/NotificationRule.java b/common/data/src/main/java/org/thingsboard/server/common/data/notification/rule/NotificationRule.java
index 81b5e0ccfb..fe87e0f966 100644
--- a/common/data/src/main/java/org/thingsboard/server/common/data/notification/rule/NotificationRule.java
+++ b/common/data/src/main/java/org/thingsboard/server/common/data/notification/rule/NotificationRule.java
@@ -62,6 +62,7 @@ public class NotificationRule extends BaseData implements Ha
 @Valid
 private NotificationRuleRecipientsConfig recipientsConfig;
+ @Valid
 private NotificationRuleConfig additionalConfig;
 private NotificationRuleId externalId;
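Review bot: In NotificationRule.java, the new `@Valid` on `additionalConfig` carries an undocumented dependency: it is the only thing that makes the `@NoXss` constraint added to `NotificationRuleConfig.description` in this same commit run when a `NotificationRule` is validated. Dropping the annotation in a later refactor would silently disable that check. A one-line comment above the field, e.g. `// cascade: enforces @NoXss on NotificationRuleConfig.description`, would record the coupling. No test is visible in this diff; one that validates a rule whose `additionalConfig.description` contains markup would pin the behaviour. The class body continues outside the hunk.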
diff --git a/common/data/src/main/java/org/thingsboard/server/common/data/notification/rule/NotificationRuleConfig.java b/common/data/src/main/java/org/thingsboard/server/common/data/notification/rule/NotificationRuleConfig.java
index 9103086b7c..013c0ae662 100644
--- a/common/data/src/main/java/org/thingsboard/server/common/data/notification/rule/NotificationRuleConfig.java
+++ b/common/data/src/main/java/org/thingsboard/server/common/data/notification/rule/NotificationRuleConfig.java
@@ -16,12 +16,14 @@
 package org.thingsboard.server.common.data.notification.rule;
 import lombok.Data;
+import org.thingsboard.server.common.data.validation.NoXss;
 import java.io.Serializable;
 @Data
 public class NotificationRuleConfig implements Serializable {
+ @NoXss
 private String description;
 }
diff --git a/common/data/src/main/java/org/thingsboard/server/common/data/notification/template/DeliveryMethodNotificationTemplate.java b/common/data/src/main/java/org/thingsboard/server/common/data/notification/template/DeliveryMethodNotificationTemplate.java
index e660d49bca..d9b9df0fdf 100644
--- a/common/data/src/main/java/org/thingsboard/server/common/data/notification/template/DeliveryMethodNotificationTemplate.java
+++ b/common/data/src/main/java/org/thingsboard/server/common/data/notification/template/DeliveryMethodNotificationTemplate.java
@@ -24,6 +24,7 @@ import jakarta.validation.constraints.NotEmpty;
 import lombok.Data;
 import lombok.NoArgsConstructor;
 import org.thingsboard.server.common.data.notification.NotificationDeliveryMethod;
+import org.thingsboard.server.common.data.validation.NoXss;
 import java.util.List;
@@ -43,6 +44,7 @@ public abstract class DeliveryMethodNotificationTemplate {
 private boolean enabled;
 @NotEmpty
+ @NoXss
 protected String body;
 public DeliveryMethodNotificationTemplate(DeliveryMethodNotificationTemplate other) {
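Review bot: In NotificationRuleConfig.java, `description` gets `@NoXss` but no length bound, whereas the `MobileAppBundle` fields touched by this same commit pair `@NoXss` with `@Length(fieldName = ...)`. If this value is persisted or echoed back to the UI, consider adding `@Length(fieldName = "description")` together with the `org.thingsboard.server.common.data.validation.Length` import, so an oversized value is rejected at validation time. The default limit of `@Length` and the way `additionalConfig` is stored are not visible in the diff, so confirm the bound fits before adding it.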
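Review bot: In DeliveryMethodNotificationTemplate.java, `@NoXss` on `body` sits on the abstract base class, so it applies to the body of every delivery method. If any subclass is meant to carry markup (an HTML e-mail body, for instance), confirm the validator still accepts those templates; otherwise previously stored templates may start failing validation on their next save. The constraint also checks only the template text at validation time. Values substituted into the template when a notification is rendered are presumably not covered, so the rendering side still needs its own output encoding. A short comment on the field, e.g. `// validated as template source; rendered output must still be encoded`, would record that, and the class body continues outside the hunk.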