diff --git a/solr/CHANGES.txt b/solr/CHANGES.txt
index 6135be6be1b..7d5babca0a7 100644
--- a/solr/CHANGES.txt
+++ b/solr/CHANGES.txt
@@ -144,6 +144,8 @@ Bug Fixes
 
 * SOLR-7941: multivalued params are concatenated when using config API (noble)
 
+* SOLR-7949: Resolve XSS issue in Admin UI stats page (David Chiu via janhoy)
+
 Optimizations
 ----------------------
 
diff --git a/solr/webapp/web/js/scripts/plugins.js b/solr/webapp/web/js/scripts/plugins.js
index 2b60ce05656..f68682f0623 100644
--- a/solr/webapp/web/js/scripts/plugins.js
+++ b/solr/webapp/web/js/scripts/plugins.js
@@ -282,7 +282,7 @@ var render_plugin_data = function( plugin_data, plugin_sort, types )
   var entry_count = entries.length;
   for( var i = 0; i < entry_count; i++ )
   {
-    $( 'a[data-bean="' + entries[i] + '"]', frame_element )
+    $( 'a[data-bean="' + entries[i].esc() + '"]', frame_element )
       .parent().addClass( 'expanded' );
   }