diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php
index b45d672b385b93bdad0da25bb8c04a7580ced2df..b3040cbf03b7a1af2167ff987d4b1b35fc4c4afc 100644
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@@ -96,6 +96,7 @@ function test_sql_and_script_inject($val, $type)
 $sql_inj += preg_match('/<script/i', $val);
 if (! defined('NOSTYLECHECK')) $sql_inj += preg_match('/<style/i', $val);
 $sql_inj += preg_match('/base[\s]+href/i', $val);
+$sql_inj += preg_match('/<.*onmouseover/i', $val); // onmouseover can be set on img or any html tag like <img title='>' onmouseover=alert(1)>
 if ($type == 1)
 {
 $sql_inj += preg_match('/javascript:/i', $val);
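Review bot: The added pattern `/<.*onmouseover/i` only counts the `onmouseover` handler and, because `.` does not match a newline without the `s` modifier, a value where the event attribute sits on a line after the `<` is not counted at all. The same denylist style also rejects any ordinary text that happens to contain `<` followed later by the word "onmouseover", since nothing requires an attribute assignment. A single broader, still one-line check covers the whole family of inline event handlers and reduces that false-positive surface: `$sql_inj += preg_match('/<.*\bon[a-z]+\s*=/is', $val); // any on* event handler attribute, possibly spanning lines`. The enclosing function test_sql_and_script_inject starts and ends outside this hunk, so the meaning of `$type` and how `$sql_inj` is consumed cannot be confirmed from here.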