diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index c4fae12a59..efc47527fa 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -6,6 +6,9 @@ in development
 Fixed
 ~~~~~
 
+* ‎Fix Snyk Security Finding Cross-site Scripting (XSS) in contrib/examples/sensors/echo_flask_app.py
+ Contributed by (@philipphomberger Schwarz IT KG)
+
 * Additional fixes for st2 client auth when proxy auth mode enabled #6049
 Contributed by @floatingstatic
 
diff --git a/contrib/examples/sensors/echo_flask_app.py b/contrib/examples/sensors/echo_flask_app.py
index 9cad9196af..742123574a 100644
--- a/contrib/examples/sensors/echo_flask_app.py
+++ b/contrib/examples/sensors/echo_flask_app.py
@@ -13,7 +13,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-from flask import request, Flask
+from flask import request, jsonify, Flask
 
 from st2reactor.sensor.base import Sensor
 
@@ -41,7 +41,9 @@ def echo():
 self._sensor_service.dispatch(
 trigger="examples.echoflasksensor", payload=payload
 )
-return request.data
+return jsonify(
+request.get_json(force=True), status=200, mimetype="application/json"
+)
 
 self._log.info(
 "Listening for payload on http://{}:{}{}".format(
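Review bot: The new `return jsonify(...)` in `echo()` passes a positional argument together with keyword arguments, which Flask's `jsonify` rejects with a TypeError, so as written the handler would fail with a 500 after the trigger has already been dispatched. `status` and `mimetype` are not `jsonify` options in any case; its response is already 200 with `application/json`, and that content type is what the XSS fix relies on, since the echoed body is then no longer served as a browser-renderable type. I would reduce the call to `return jsonify(request.get_json(force=True))`. `echo()` begins above this hunk, so whether the already-parsed `payload` could be returned instead of re-parsing the request is not visible here.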