diff --git a/docs/changelog/7.x.x.txt b/docs/changelog/7.x.x.txt
index 78aaf0e40..47500b6d6 100644
--- a/docs/changelog/7.x.x.txt
+++ b/docs/changelog/7.x.x.txt
@@ -2,6 +2,7 @@
 - fixed #11903: Unnecessary debug in Thingy
 - fixed #11908: Inbox messages linger after deleting a user
 - fixed #11909: Wrong message count in the inbox
+ - fixed #11773: Form injection in the EMS event ordering code.

 7.10.2
 - fixed #11884: Editing Templates impossible / Code editor not loaded
diff --git a/lib/WebGUI/Asset/Wobject/EventManagementSystem.pm b/lib/WebGUI/Asset/Wobject/EventManagementSystem.pm
index 81ef87a67..a47d10ba7 100644
--- a/lib/WebGUI/Asset/Wobject/EventManagementSystem.pm
+++ b/lib/WebGUI/Asset/Wobject/EventManagementSystem.pm
@@ -2456,7 +2456,8 @@ Method to move an event down one position in display order
 sub www_moveEventMetaFieldDown {
 my $self = shift;
 return $self->session->privilege->insufficient unless ($self->canEdit);
- $self->moveCollateralDown('EMSEventMetaField', 'fieldId', $self->session->form->get("fieldId"));
+ my $fieldId = $self->session->form->get("fieldId");
+ $self->moveCollateralDown('EMSEventMetaField', 'fieldId', $fieldId);
 return $self->www_manageEventMetaFields;
 }

@@ -2471,7 +2472,8 @@ Method to move an event metdata field up one position in display order
 sub www_moveEventMetaFieldUp {
 my $self = shift;
 return $self->session->privilege->insufficient unless ($self->canEdit);
- $self->moveCollateralUp('EMSEventMetaField', 'fieldId', $self->session->form->get("fieldId"));
+ my $fieldId = $self->session->form->get("fieldId");
+ $self->moveCollateralUp('EMSEventMetaField', 'fieldId', $fieldId);
 return $self->www_manageEventMetaFields;
 }
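Review bot: The scalar assignment `my $fieldId = $self->session->form->get("fieldId");` in www_moveEventMetaFieldDown is undocumented, although it appears to be the entire fix rather than a cosmetic temporary. Assuming form->get returns a list in list context (its definition is not on this page), calling it inside the argument list let a request carrying several fieldId values expand into extra positional arguments of moveCollateralDown; the assignment forces scalar context and prevents that. Because nothing in the code says so, a later cleanup could inline the call again and silently reopen the issue. I would add a comment above the assignment, e.g. `# Scalar context on purpose: form->get may return a list, which would add arguments to moveCollateralDown.` The same applies to the assignment before moveCollateralUp in www_moveEventMetaFieldUp in the next hunk.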