diff --git a/application/controllers/Lookup.php b/application/controllers/Lookup.php
index d92be2bb7..60079ac02 100644
--- a/application/controllers/Lookup.php
+++ b/application/controllers/Lookup.php
@@ -132,7 +132,7 @@ class Lookup extends CI_Controller {
 public function get_state_list() {
 $this->load->library('subdivisions');
- $dxcc = $this->input->post('dxcc');
+ $dxcc = xss_clean($this->input->post('dxcc'));
 $states_result = $this->subdivisions->get_state_list($dxcc);
 $subdivision_name = $this->subdivisions->get_primary_subdivision_name($dxcc);
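Review bot: The added `xss_clean()` call in `get_state_list()` strips markup from `dxcc` but does not validate it, so an arbitrary string still reaches `$this->subdivisions->get_state_list($dxcc)` and `get_primary_subdivision_name($dxcc)`; if those library methods build queries from it (not visible in this hunk), XSS filtering gives no protection there. If `dxcc` is always a numeric entity id, as the name suggests, an allow-list check is stricter: `$dxcc = filter_var($this->input->post('dxcc'), FILTER_VALIDATE_INT);` followed by `if ($dxcc === false) { show_error('Invalid DXCC', 400); }`. The global `xss_clean()` function comes from CodeIgniter's security helper, so this line fails with an undefined-function error unless that helper is loaded or autoloaded; `$this->security->xss_clean(...)` or `$this->input->post('dxcc', TRUE)` avoids that dependency. The method body continues past the hunk, so anything derived from `dxcc` that is written into the response should still be escaped at the point of output.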