diff --git a/ChangeLog b/ChangeLog
index d73196056..fc4d442d2 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -95,6 +95,7 @@ danbarry - bug #2022182 [import, export] Import/Export fails because of Mac files - [security] protection against cross-frame scripting and new directive AllowThirdPartyFraming, thanks to YGN Ethical Hacker Group +- [security] possible XSS during setup, thanks to YGN Ethical Hacker Group 2.11.7.1 (2008-07-15) - bug [security] XSRF/CSRF by manipulating the db,
diff --git a/scripts/setup.php b/scripts/setup.php
index 94372040e..62c3f59c0 100644
--- a/scripts/setup.php
+++ b/scripts/setup.php
@@ -682,7 +682,7 @@ function show_overview($title, $list, $buttons = '') { echo $val[0]; echo ''; echo '