diff --git a/rowers/plannedsessions.py b/rowers/plannedsessions.py
index c8ca0ab2..d9e6add5 100644
--- a/rowers/plannedsessions.py
+++ b/rowers/plannedsessions.py
@@ -888,6 +888,10 @@ def get_dates_timeperiod(request, startdatestring='', enddatestring='',
                 startdate = timezone.now()-timezone.timedelta(days=5)
                 startdate = startdate.date()
                 enddate = timezone.now().date()
+            except parser.ParserError:
+                startdate = timezone.now()-timezone.timedelta(days=5)
+                startdate = startdate.date()
+                enddate = timezone.now().date()
 
         if startdate > enddate:
             e = startdate
diff --git a/rowers/views/apiviews.py b/rowers/views/apiviews.py
index 910f962c..b84dc6f5 100644
--- a/rowers/views/apiviews.py
+++ b/rowers/views/apiviews.py
@@ -2,7 +2,8 @@ from rowers.views.statements import *
 from rowers.tasks import handle_calctrimp
 from rowers.opaque import encoder
 from rowers.courses import coursetokml, coursestokml
-from xml.etree import ElementTree as ET
+#from xml.etree import ElementTree as ET
+from defusedxml import ElementTree as ET
 
 import arrow
 import pendulum
@@ -30,6 +31,8 @@ class XMLParser(BaseParser):
         dologging("apilog.log", "XML Parser")
         try:
             s = ET.parse(stream).getroot()
+        except ET.XMLSyntaxError:
+            return HttpResponse(status=400)
         except Exception as e: # pragma: no cover
             dologging("apilog.log",e)
             return HttpResponse(status=500)
diff --git a/rowers/weather.py b/rowers/weather.py
index c6533127..e7f2e0eb 100644
--- a/rowers/weather.py
+++ b/rowers/weather.py
@@ -2,7 +2,8 @@ import requests
 from requests.exceptions import ConnectionError
 import json
 from lxml import objectify, etree
-import xml.etree.ElementTree as ET
+#import xml.etree.ElementTree as ET
+from defusedxml import ElementTree as ET
 import time
 from datetime import datetime
 from rowingdata import rowingdata, geo_distance