diff --git a/helpdesk/templates/helpdesk/kb_category_base.html b/helpdesk/templates/helpdesk/kb_category_base.html
index e1ce3d2f..2b679e37 100644
--- a/helpdesk/templates/helpdesk/kb_category_base.html
+++ b/helpdesk/templates/helpdesk/kb_category_base.html
@@ -25,8 +25,10 @@
             <div class="row">
                 {% if request.user.pk %}
                 <div class="col-sm">
-                    <a href='{% url "helpdesk:kb_vote" item.pk %}?vote=up'><div class="btn btn-success btn-circle btn-xl"><i class="fa fa-thumbs-up fa-lg"></i></div></a>
-                    <a href='{% url "helpdesk:kb_vote" item.pk %}?vote=down'><div class="btn btn-danger btn-circle btn-xl"><i class="fa fa-thumbs-down fa-lg"></i></div></a>
+                    <form method="post" action="{% url "helpdesk:kb_vote" item.pk "up" %}" style="display: inline">{% csrf_token %}
+                    <button type="submit" class="btn btn-success btn-circle btn-xl"><i class="fa fa-thumbs-up fa-lg"></i></button></form>
+                    <form method="post" action="{% url "helpdesk:kb_vote" item.pk "down" %}" style="display: inline">{% csrf_token %}
+                    <button type="submit" class="btn btn-danger btn-circle btn-xl"><i class="fa fa-thumbs-down fa-lg"></i></submit></form>
                 </div>
                 {% endif %}
                 {% if staff %}
diff --git a/helpdesk/templates/helpdesk/my_tickets.html b/helpdesk/templates/helpdesk/my_tickets.html
index ab25a840..c411703b 100644
--- a/helpdesk/templates/helpdesk/my_tickets.html
+++ b/helpdesk/templates/helpdesk/my_tickets.html
@@ -35,6 +35,7 @@ window.addEventListener('load', function()
         $.get(endpoint, function(data) {
             $('#ticketsTable tbody').empty();
             data.results.forEach(function(ticket) {
+                ticket.title = $('div').text(ticket.title).html();
                 $('#ticketsTable tbody').append(`
                     <tr>
                         <td>
diff --git a/helpdesk/templates/helpdesk/ticket.html b/helpdesk/templates/helpdesk/ticket.html
index dfa8c9ee..26a0dadb 100644
--- a/helpdesk/templates/helpdesk/ticket.html
+++ b/helpdesk/templates/helpdesk/ticket.html
@@ -42,7 +42,7 @@
                     {% for followup in ticket.followup_set.all %}
                         <div class="list-group-item list-group-item-action">
                             <div class="d-flex w-100 justify-content-between">
-                                <h5 class="mb-1">{{ followup.title|num_to_link }}</h5>
+                                <h5 class="mb-1">{{ followup.title|escape|num_to_link }}</h5>
                                 <small><i class="fas fa-clock"></i>&nbsp;<span class='byline text-info'>{% if followup.user %}by {{ followup.user }},{% endif %} <span title='{{ followup.date|date:"DATETIME_FORMAT" }}'>{{ followup.date|naturaltime }}</span>{% if helpdesk_settings.HELPDESK_ENABLE_TIME_SPENT_ON_TICKET %}{% if followup.time_spent %}{% endif %}, <span>{% trans "time spent" %}: {{ followup.time_spent_formated }}</span>{% endif %} {% if not followup.public %} <span class='private'>({% trans "Private" %})</span>{% endif %}</span></small>
                             </div>
                             <p class="mb-1">
diff --git a/helpdesk/tests/test_kb.py b/helpdesk/tests/test_kb.py
index 23525586..4805db34 100644
--- a/helpdesk/tests/test_kb.py
+++ b/helpdesk/tests/test_kb.py
@@ -66,15 +66,15 @@ class KBTests(TestCase):
     def test_kb_vote(self):
         self.client.login(username=self.user.get_username(),
                           password='password')
-        response = self.client.get(
-            reverse('helpdesk:kb_vote', args=(self.kbitem1.pk,)) + "?vote=up")
+        response = self.client.post(
+            reverse('helpdesk:kb_vote', args=(self.kbitem1.pk, "up")), params={})
         cat_url = reverse('helpdesk:kb_category',
                           args=("test_cat",)) + "?kbitem=1"
         self.assertRedirects(response, cat_url)
         response = self.client.get(cat_url)
         self.assertContains(response, '1 people found this answer useful of 1')
-        response = self.client.get(
-            reverse('helpdesk:kb_vote', args=(self.kbitem1.pk,)) + "?vote=down")
+        response = self.client.post(
+            reverse('helpdesk:kb_vote', args=(self.kbitem1.pk, "down")), params={})
         self.assertRedirects(response, cat_url)
         response = self.client.get(cat_url)
         self.assertContains(response, '0 people found this answer useful of 1')
diff --git a/helpdesk/urls.py b/helpdesk/urls.py
index 48eab200..6cc7eb99 100644
--- a/helpdesk/urls.py
+++ b/helpdesk/urls.py
@@ -251,7 +251,7 @@ if helpdesk_settings.HELPDESK_KB_ENABLED:
         path("kb/", kb.index, name="kb_index"),
         re_path(r"^kb/(?P<slug>[A-Za-z0-9_-]+)/$",
                 kb.category, name="kb_category"),
-        path("kb/<int:item>/vote/", kb.vote, name="kb_vote"),
+        re_path(r"^kb/(?P<item>\d+)/vote/(?P<vote>up|down)/$", kb.vote, name="kb_vote"),
         re_path(
             r"^kb_iframe/(?P<slug>[A-Za-z0-9_-]+)/$",
             kb.category_iframe,
diff --git a/helpdesk/views/kb.py b/helpdesk/views/kb.py
index 1f619a65..588878ce 100644
--- a/helpdesk/views/kb.py
+++ b/helpdesk/views/kb.py
@@ -59,24 +59,24 @@ def category_iframe(request, slug):
     return category(request, slug, iframe=True)
 
 
-def vote(request, item):
+def vote(request, item, vote):
     item = get_object_or_404(KBItem, pk=item)
-    vote = request.GET.get('vote', None)
-    if vote == 'up':
-        if not item.voted_by.filter(pk=request.user.pk):
-            item.votes += 1
-            item.voted_by.add(request.user.pk)
-            item.recommendations += 1
-        if item.downvoted_by.filter(pk=request.user.pk):
-            item.votes -= 1
-            item.downvoted_by.remove(request.user.pk)
-    if vote == 'down':
-        if not item.downvoted_by.filter(pk=request.user.pk):
-            item.votes += 1
-            item.downvoted_by.add(request.user.pk)
-            item.recommendations -= 1
-        if item.voted_by.filter(pk=request.user.pk):
-            item.votes -= 1
-            item.voted_by.remove(request.user.pk)
-    item.save()
+    if request.method == "POST":
+        if vote == 'up':
+            if not item.voted_by.filter(pk=request.user.pk):
+                item.votes += 1
+                item.voted_by.add(request.user.pk)
+                item.recommendations += 1
+            if item.downvoted_by.filter(pk=request.user.pk):
+                item.votes -= 1
+                item.downvoted_by.remove(request.user.pk)
+        if vote == 'down':
+            if not item.downvoted_by.filter(pk=request.user.pk):
+                item.votes += 1
+                item.downvoted_by.add(request.user.pk)
+                item.recommendations -= 1
+            if item.voted_by.filter(pk=request.user.pk):
+                item.votes -= 1
+                item.voted_by.remove(request.user.pk)
+        item.save()
     return HttpResponseRedirect(item.get_absolute_url())
diff --git a/setup.py b/setup.py
index 7775cc8c..240d9c85 100644
--- a/setup.py
+++ b/setup.py
@@ -6,7 +6,7 @@ from setuptools import find_packages, setup
 import sys
 
 
-version = '1.2.0'
+version = '1.3.0'
 
 
 # Provided as an attribute, so you can append to these instead