diff --git a/src/main/java/com/fortify/plugin/jenkins/FPRSummary.java b/src/main/java/com/fortify/plugin/jenkins/FPRSummary.java
index 0d63bd7..8ae0131 100644
--- a/src/main/java/com/fortify/plugin/jenkins/FPRSummary.java
+++ b/src/main/java/com/fortify/plugin/jenkins/FPRSummary.java
@@ -25,6 +25,7 @@
 import com.thoughtworks.xstream.XStream;
 
 import hudson.FilePath;
+import hudson.Util;
 import hudson.XmlFile;
 import hudson.util.XStream2;
 
@@ -53,7 +54,9 @@ private String buildFilename(String appName, String appVersion) {
 			filename += "-" + appVersion;
 		}
 		filename += FILE_EXTENSION;
-		return filename;
+		//both appName and appVersion come from user input, so we must sanitize
+		String sanitizedFilename = Util.rawEncode(filename);
+		return sanitizedFilename;
 	}
 
 	public void load(File parent, String appName, String appVersion) throws IOException {