diff --git a/ChangeLog b/ChangeLog
index 75ab45384..961b33a65 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -12,6 +12,7 @@ phpMyAdmin - ChangeLog
 - bug #3449659 [navi] Fast filter broken with table tree
 - bug #3448485 [GUI] Firefox favicon frameset regression
 - [security] Self-XSS on export options (export server/database/table), see PMASA-2011-20
+- [security] Self-XSS in setup (host parameter), see PMASA-2011-19
 
 3.4.8.0 (2011-12-01)
 - bug #3425230 [interface] enum data split at space char (more space to edit)
diff --git a/libraries/config/ConfigFile.class.php b/libraries/config/ConfigFile.class.php
index 9e1690c07..178a18477 100644
--- a/libraries/config/ConfigFile.class.php
+++ b/libraries/config/ConfigFile.class.php
@@ -425,7 +425,7 @@ class ConfigFile
 return htmlspecialchars($verbose);
 }
 $host = $this->get("Servers/$id/host");
- return empty($host) ? 'localhost' : $host;
+ return empty($host) ? 'localhost' : htmlspecialchars($host);
 }
 
 /**
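Review bot: The added `htmlspecialchars($host)` in the ConfigFile.class.php hunk relies on the default flags, which on PHP versions before 8.1 leave single quotes unescaped, so the host value is only neutralised for element content and double-quoted attributes. Passing the flag explicitly, `return empty($host) ? 'localhost' : htmlspecialchars($host, ENT_QUOTES);`, covers single-quoted attributes as well, and the `htmlspecialchars($verbose)` return two lines above would want the same flag. Both branches now return HTML-encoded text, which the method should document, for example `@return string HTML-escaped server name; do not escape again or use outside an HTML context`. The method's signature, docblock and callers lie outside the hunk, so the output contexts that consume this value could not be checked here and are worth confirming.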