diff --git a/ChangeLog b/ChangeLog
index 294f7ef38..2c71eb090 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -9,6 +9,8 @@ $Source$
     * Documentation.html, libraries/ip_allow_deny.lib.php: Define headers
       which to trust in configuration, thanks for help with this to Christian
       Schmidt, Peytz & Co.
+    * libraries/common.lib.php: Fix XSS on database comment, thanks to laurent
+      gaffié.
 
 2006-11-18 Marc Delisle  <lem9@users.sourceforge.net>
     * index.php, libraries/common.lib.php: undefined index
diff --git a/libraries/common.lib.php b/libraries/common.lib.php
index ad0c4bb64..77e0741fe 100644
--- a/libraries/common.lib.php
+++ b/libraries/common.lib.php
@@ -180,11 +180,11 @@ function PMA_getHtmlSelectDb($selected = '')
         }
         foreach ($dbs as $db) {
             $return .= '<option value="' . $db['name'] . '"'
-                .' title="' . $db['comment'] . '"';
+                .' title="' . htmlspecialchars($db['comment']) . '"';
             if ($db['name'] == $selected) {
                 $return .= ' selected="selected"';
             }
-            $return .= '>' . ($cut ? $db['disp_name_cut'] : $db['disp_name'])
+            $return .= '>' . htmlspecialchars($cut ? $db['disp_name_cut'] : $db['disp_name'])
                 .' (' . $db['num_tables'] . ')</option>' . "\n";
         }
         if (count($dbs) > 1) {