diff --git a/main/webservices/api/v2.php b/main/webservices/api/v2.php
index bca1d19a2f6..1a1430fe642 100644
--- a/main/webservices/api/v2.php
+++ b/main/webservices/api/v2.php
@@ -23,6 +23,20 @@
 
 $httpRequest = HttpRequest::createFromGlobals();
 
+$jsonContent = 'application/json' === $httpRequest->headers->get('Content-Type')
+    ? json_decode($httpRequest->getContent(), true)
+    : null;
+
+if ($jsonContent) {
+    foreach ($jsonContent as $key => $value) {
+        $value = Security::remove_XSS($value);
+
+        $httpRequest->query->set($key, $value);
+        $httpRequest->request->set($key, $value);
+        $httpRequest->overrideGlobals();
+    }
+}
+
 $hash = $httpRequest->query->get('hash');
 
 if ($hash) {