Alternative Ways to get past Entity Blocking (XSS)
It looks like what you're dealing with (at least from an outward perspective, who knows exactly how it's being implemented), is a call to the PHP function addslashes(). I would suggest reading up on bypasses for that particular call, as there are many generic XSS payloads that can do it.
Now to be clear, that's just from a preliminary look at a single set of outputs. Generally speaking, one would have to observe a much larger number of requests/responses to get a feel for what the filter is actually doing before making a guess with any strong merit. There are rarely one-size-fits-all payloads in the modern age of injection, so copy/pasting from random sites is unlikely to yield any strong results.
You're always better off using numbers when you're looking for XSS vulnerabilities, as they don't need to be wrapped in single or double quotes, so you wouldn't accidently trip any filters that were intended to prevent sql injection.
You said encoding HTML Entities doesn't work, have you tried double encoding it, or even using backticks?
If it's sent via POST check to see if it can also be sent as a GETÂ as the filters are often different for data sent via the url.
Failing that, you should make a list of any special chars that do pass the filters, then you'll know what you have to work with.