diff --git a/components/ILIAS/LTIConsumer/classes/class.ilLTIConsumerAdministrationGUI.php b/components/ILIAS/LTIConsumer/classes/class.ilLTIConsumerAdministrationGUI.php
index 117b056c4d40..1b2a28494c0a 100755
--- a/components/ILIAS/LTIConsumer/classes/class.ilLTIConsumerAdministrationGUI.php
+++ b/components/ILIAS/LTIConsumer/classes/class.ilLTIConsumerAdministrationGUI.php
@@ -1,7 +1,5 @@ addItem( 'provider_ids[]', (string) $provider->getId(),
- $provider->getTitle(),
+ htmlspecialchars($provider->getTitle()),
 $providerIcon );
 }
diff --git a/components/ILIAS/LTIConsumer/classes/class.ilObjLTIConsumer.php b/components/ILIAS/LTIConsumer/classes/class.ilObjLTIConsumer.php
index 6262eb78a620..5d3a179f0e5d 100755
--- a/components/ILIAS/LTIConsumer/classes/class.ilObjLTIConsumer.php
+++ b/components/ILIAS/LTIConsumer/classes/class.ilObjLTIConsumer.php
@@ -1313,7 +1313,7 @@ public static function registerClient(array $data, object $tokenObj): array
 $reponseData = $data;
 $provider = new ilLTIConsumeProvider();
 $toolConfig = $data['https://purl.imsglobal.org/spec/lti-tool-configuration'];
- $provider->setTitle($data['client_name']);
+ $provider->setTitle(strip_tags($data['client_name'], ilObjectGUI::ALLOWED_TAGS_IN_TITLE_AND_DESCRIPTION));
 $provider->setProviderUrl($toolConfig['target_link_uri']);
 $provider->setInitiateLogin($data['initiate_login_uri']);
 $provider->setRedirectionUris(implode(",", $data['redirect_uris']));
diff --git a/components/ILIAS/LTIConsumer/ltiregstart.php b/components/ILIAS/LTIConsumer/ltiregstart.php
index 2e1022d07ec1..b9eaeb8ed064 100755
--- a/components/ILIAS/LTIConsumer/ltiregstart.php
+++ b/components/ILIAS/LTIConsumer/ltiregstart.php
@@ -1,7 +1,5 @@ user()->getId() || $DIC->user()->getId() === ANONYMOUS_USER_ID) {
+if (!$DIC->user()->getId() || !ilLTIConsumerAccess::hasCustomProviderCreationAccess()) {
 ilObjLTIConsumer::sendResponseError(401, "unauthorized");
 }
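Review bot: `htmlspecialchars($provider->getTitle())` in the addItem() call escapes a title that the registerClient hunk in class.ilObjLTIConsumer.php deliberately stores with the tags allowed by ilObjectGUI::ALLOWED_TAGS_IN_TITLE_AND_DESCRIPTION, so those allowed tags now render as literal `&lt;b&gt;` text in the administration list; and if the addItem() implementation already escapes its label, the title is double-encoded. Decide which layer owns escaping for provider titles and apply it once, consistently with how other object titles are shown in this GUI. If escaping here is the intended layer, make the contract explicit rather than relying on engine defaults: `htmlspecialchars($provider->getTitle(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, which also documents that the value may land in an attribute context. The enclosing method starts and ends outside the hunk, and the hunk header appears truncated in this listing.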
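Review bot: strip_tags() with an allow-list does not touch attributes on the tags it keeps, so the new `$provider->setTitle(strip_tags($data['client_name'], ...))` still stores any attribute an attacker-controlled registration request puts on an allowed tag; strip_tags is a tag filter, not an HTML sanitiser, and the stored title must still be escaped per output context (or passed through the project's HTML purifier) wherever it is rendered. A comment at this line should say so: `// strip_tags keeps attributes on allowed tags; the title is still escaped/purified at render time`. `$data['client_name']` also arrives unvalidated from the registration payload — missing or non-string it produces a warning and a TypeError in strip_tags under strict types — so guard it first, e.g. `$clientName = $data['client_name'] ?? ''; if (!is_string($clientName) || trim($clientName) === '') { /* reject the registration the way registerClient reports other errors */ }`. registerClient() continues outside the hunk, so I cannot see whether a later validation step already covers this.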
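Review bot: The new condition removes the explicit `=== ANONYMOUS_USER_ID` check and relies on ilLTIConsumerAccess::hasCustomProviderCreationAccess() to deny the anonymous user; that only holds if the helper evaluates the current user's permission and never grants it to anonymous, which is not visible here, so keep the explicit check unless that is verified: `if (!$DIC->user()->getId() || $DIC->user()->getId() === ANONYMOUS_USER_ID || !ilLTIConsumerAccess::hasCustomProviderCreationAccess()) {`. The permission branch is a failure for an already-authenticated user, for which 403 is the conventional status; answering 401 for both makes an authentication failure and a missing permission indistinguishable in logs. Whether sendResponseError() terminates the request is not visible in this hunk; if it only emits the response, the registration flow below would continue for a denied user, so confirm it exits. The hunk header and the start of this top-level block appear truncated in the listing.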