diff --git a/common/src/main/java/com/jeesite/common/web/CookieUtils.java b/common/src/main/java/com/jeesite/common/web/CookieUtils.java
index 38944263..3257c092 100644
--- a/common/src/main/java/com/jeesite/common/web/CookieUtils.java
+++ b/common/src/main/java/com/jeesite/common/web/CookieUtils.java
@@ -116,6 +116,7 @@ public class CookieUtils {
 for (Cookie cookie : cookies) {
 if (cookie.getName().equals(name)) {
 value = EncodeUtils.decodeUrl(cookie.getValue());
+ value = EncodeUtils.xssFilter(value, request);
 if (isRemove && response != null) {
 cookie.setPath(path);
 cookie.setMaxAge(0);
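Review bot: The new `EncodeUtils.xssFilter(value, request)` line changes what every caller of this method gets back, and nothing in the hunk documents that the returned cookie value is now filtered rather than the raw decoded one. The implementation of `xssFilter` is not visible here, but if it rewrites or strips characters, callers that compare the cookie against a stored token or parse it as structured data may silently stop matching. Input-side filtering is also only defence in depth: any caller that writes the value into HTML, an attribute, or script still needs context-appropriate output encoding. A caller that URL-decodes the result a second time would undo the filter. I would add a comment above the new line such as `// Cookie value is client-controlled: filtered as defence in depth; callers must still encode on output and must not decode again`, and note the filtering in the method's Javadoc. The enclosing method starts and ends outside the hunk, so how `value` is returned could not be checked.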