diff --git a/CHANGELOG b/CHANGELOG
index ac3fc2b5e6a5d7046dd7f24f8cb3c2a4fd757706..be7b0118afe5ba8004666ce9875181bab4d36e9b 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -11,6 +11,7 @@ minerva (14.0.0~beta.2) unstable; urgency=low
   * Bug fix: information about deprecated column is more clear about column 
     names (#838)
   * Bug fix: version of the project is limited to 20 characters (#951)
+  * Bug fix: link to comment on map from admin panel was broken (#941)
 
  -- Piotr Gawron <piotr.gawron@uni.lu>  Mon, 16 Sep 2019 21:00:00 +0200
 
diff --git a/frontend-js/src/main/js/gui/admin/CommentsAdminPanel.js b/frontend-js/src/main/js/gui/admin/CommentsAdminPanel.js
index f23139232b3fa9871856dfd3eff9d6460451e52f..8ba536cf438220148d1fd10f4f7ed6c87fc8e045 100644
--- a/frontend-js/src/main/js/gui/admin/CommentsAdminPanel.js
+++ b/frontend-js/src/main/js/gui/admin/CommentsAdminPanel.js
@@ -153,9 +153,9 @@ CommentsAdminPanel.prototype.commentToTableRow = function (comment, disable) {
       "&y=" + comment.getCoordinates().y +
       "&zoom=12" +
       "&comments=on";
-    title = "<a href='" + commentLink + "' target='" + projectId + "'>" + comment.getTitle() + "</a>";
+    title = "<a href='" + commentLink + "' target='" + projectId + "'>" + xss(comment.getTitle()) + "</a>";
   } else {
-    title = comment.getTitle();
+    title = xss(comment.getTitle());
   }
 
   var disabled = "";
@@ -180,7 +180,7 @@ CommentsAdminPanel.prototype.commentToTableRow = function (comment, disable) {
   }
 
   return [comment.getId(),
-    xss(title),
+    title,
     xss(author),
     xss(email),
     xss(comment.getContent()),