diff --git a/modules/member/member.mobile.php b/modules/member/member.mobile.php
index ea2e9aa96..608b26d9a 100644
--- a/modules/member/member.mobile.php
+++ b/modules/member/member.mobile.php
@@ -37,7 +37,7 @@ class memberMobile extends member
 		Context::set('identifier', $config->identifier);
 
         // Set a template file
-        Context::set('referer_url', $_SERVER['HTTP_REFERER']);
+		Context::set('referer_url', htmlspecialchars($_SERVER['HTTP_REFERER']));
         $this->setTemplateFile('login_form');
     }
 
diff --git a/modules/member/member.view.php b/modules/member/member.view.php
index 882cb8a24..370ec0ec7 100644
--- a/modules/member/member.view.php
+++ b/modules/member/member.view.php
@@ -262,7 +262,7 @@
 			Context::set('identifier', $config->identifier);
 
             // Set a template file
-            Context::set('referer_url', $_SERVER['HTTP_REFERER']);
+            Context::set('referer_url', htmlspecialchars($_SERVER['HTTP_REFERER']));
 			Context::set('act', 'procMemberLogin');
             $this->setTemplateFile('login_form');
         }
diff --git a/themes/xe_greystone/modules/message/system_message.html b/themes/xe_greystone/modules/message/system_message.html
index 86f43058f..70b9c8996 100644
--- a/themes/xe_greystone/modules/message/system_message.html
+++ b/themes/xe_greystone/modules/message/system_message.html
@@ -12,7 +12,7 @@
 	<!--%import("./filter/openid_login.xml")-->
 	<!--%import("./message.js")-->
 	<div class="mLogin" id="gLogin">
-		<form action="./" method="post" ruleset="@login" id="gForm">
+		<form action="{getUrl('','act','procMemberLogin')}" method="post" ruleset="@login" id="gForm">
 			<input type="hidden" name="act" value="procMemberLogin" />
 			<fieldset>
 				<ul class="idpw">
diff --git a/themes/xe_sapphire/modules/message/system_message.html b/themes/xe_sapphire/modules/message/system_message.html
index 86f43058f..70b9c8996 100644
--- a/themes/xe_sapphire/modules/message/system_message.html
+++ b/themes/xe_sapphire/modules/message/system_message.html
@@ -12,7 +12,7 @@
 	<!--%import("./filter/openid_login.xml")-->
 	<!--%import("./message.js")-->
 	<div class="mLogin" id="gLogin">
-		<form action="./" method="post" ruleset="@login" id="gForm">
+		<form action="{getUrl('','act','procMemberLogin')}" method="post" ruleset="@login" id="gForm">
 			<input type="hidden" name="act" value="procMemberLogin" />
 			<fieldset>
 				<ul class="idpw">
diff --git a/themes/xe_solid_enterprise/modules/member/login_form.html b/themes/xe_solid_enterprise/modules/member/login_form.html
index a86975ee6..d388dc569 100644
--- a/themes/xe_solid_enterprise/modules/member/login_form.html
+++ b/themes/xe_solid_enterprise/modules/member/login_form.html
@@ -15,7 +15,7 @@
 	<div cond="$XE_VALIDATOR_MESSAGE" class="message {$XE_VALIDATOR_MESSAGE_TYPE}">
 		<p>{$XE_VALIDATOR_MESSAGE}</p>
 	</div>
-    <form ruleset="@login" action="./" method="post" id="fo_member_login">
+    <form ruleset="@login" action="{getUrl('','act','procMemberLogin')}" method="post" id="fo_member_login">
 	<input type="hidden" name="success_return_url" value="{getUrl('act', '')}" />
         <fieldset class="login">
             <dl>
diff --git a/themes/xe_solid_enterprise/modules/message/system_message.html b/themes/xe_solid_enterprise/modules/message/system_message.html
index bd894c801..40aa0229a 100644
--- a/themes/xe_solid_enterprise/modules/message/system_message.html
+++ b/themes/xe_solid_enterprise/modules/message/system_message.html
@@ -9,7 +9,7 @@
 	<!--%import("./filter/openid_login.xml")-->
 	<!--%import("./message.js")-->
 	<div class="mLogin" id="gLogin">
-		<form action="./" method="post" ruleset="@login" id="gForm">
+		<form action="{getUrl('','act','procMemberLogin')}" method="post" ruleset="@login" id="gForm">
 		<input type="hidden" name="act" value="procMemberLogin" />
 		<fieldset>
 		<div class="signPanel">