diff --git a/client/components/modals/collections/AddCreateModal.vue b/client/components/modals/collections/AddCreateModal.vue
index 24e8695d6..f0d43c14f 100644
--- a/client/components/modals/collections/AddCreateModal.vue
+++ b/client/components/modals/collections/AddCreateModal.vue
@@ -227,7 +227,7 @@ export default {
 .catch((error) => {
 console.error('Failed to create collection', error)
 var errMsg = error.response ? error.response.data || '' : ''
- this.$toast.error(this.$strings.ToastCollectionCreateFailed + ': ' + errMsg)
+ this.$toast.error(errMsg)
 this.processing = false
 })
 }
diff --git a/server/controllers/CollectionController.js b/server/controllers/CollectionController.js
index 475adfe0f..1476b0f81 100644
--- a/server/controllers/CollectionController.js
+++ b/server/controllers/CollectionController.js
@@ -3,6 +3,7 @@ const Sequelize = require('sequelize')
 const Logger = require('../Logger')
 const SocketAuthority = require('../SocketAuthority')
 const Database = require('../Database')
+const htmlSanitizer = require('../utils/htmlSanitizer')
 const RssFeedManager = require('../managers/RssFeedManager')
@@ -31,8 +32,10 @@ class CollectionController {
 async create(req, res) {
 const reqBody = req.body || {}
+ const nameCleaned = htmlSanitizer.stripAllTags(reqBody.name)
+
 // Validation
- if (!reqBody.name || !reqBody.libraryId) {
+ if (!nameCleaned || !reqBody.libraryId) {
 return res.status(400).send('Invalid collection data')
 }
 if (reqBody.description && typeof reqBody.description !== 'string') {
@@ -65,7 +68,7 @@ class CollectionController {
 newCollection = await Database.collectionModel.create(
 {
 libraryId: reqBody.libraryId,
- name: reqBody.name,
+ name: nameCleaned,
 description: reqBody.description || null
 },
 { transaction }
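Review bot: With the localized prefix gone, the toast is blank whenever `error.response` is absent (network failure, timeout), because `errMsg` falls back to `''`, and otherwise it echoes whatever the server put in the response body, which the 400 paths in this diff make a plain string but nothing here guarantees (a JSON error body would render as `[object Object]`). A fallback keeps the message meaningful without reintroducing the prefix: `this.$toast.error(typeof errMsg === 'string' && errMsg ? errMsg : this.$strings.ToastCollectionCreateFailed)`. Before echoing server-supplied text verbatim it is worth confirming that `$toast.error` renders its argument as text rather than HTML; the strings visible in this diff are harmless, but the client is now a passthrough for any future server message. The method this `.catch` belongs to starts before the hunk.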
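Review bot: In `create`, `htmlSanitizer.stripAllTags(reqBody.name)` runs before any type check, so a non-string `name` (number, array, object) reaches the sanitizer and whether that throws (a 500) or silently coerces depends on `stripAllTags`, which is not visible here; the `update` hunk in the same file guards with `typeof req.body.name === 'string'` first and `create` should match it. Suggest `if (typeof reqBody.name !== 'string' || !reqBody.libraryId) { return res.status(400).send('Invalid collection data') }` ahead of the strip, keeping `if (!nameCleaned)` as the emptiness check afterwards. Note that `!nameCleaned` still accepts a whitespace-only name; `!nameCleaned.trim()` would reject it if that is the intended rule. The same stripping is not applied to `description`, which is only type-checked here — presumably fine if it is never rendered as HTML, but worth confirming against the client. `create` continues past the end of the hunk.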
@@ -145,9 +148,12 @@ class CollectionController {
 collectionUpdatePayload.description = req.body.description
 wasUpdated = true
 }
- if (req.body.name !== undefined && req.body.name !== req.collection.name) {
- collectionUpdatePayload.name = req.body.name
- wasUpdated = true
+ if (req.body.name !== undefined && typeof req.body.name === 'string') {
+ const nameCleaned = htmlSanitizer.stripAllTags(req.body.name)
+ if (nameCleaned !== req.collection.name) {
+ collectionUpdatePayload.name = nameCleaned
+ wasUpdated = true
+ }
 }
 if (wasUpdated) {
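Review bot: An update whose `name` consists only of tags (for example `"<b></b>"`) yields an empty `nameCleaned`, which passes the `!== req.collection.name` comparison and is written to the collection, whereas `create` in the same file rejects an empty cleaned name with a 400. Suggest mirroring that before the comparison, `if (!nameCleaned) { return res.status(400).send('Invalid collection data') }`, or at minimum `if (nameCleaned && nameCleaned !== req.collection.name)` so a collection cannot be renamed to nothing. A non-string `name` is now ignored rather than rejected, a quieter contract than `create`'s 400; if that is deliberate, a one-line comment such as `// non-string name is ignored rather than rejected` would say so. The enclosing `update` method starts before and ends after this hunk.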