diff --git a/ChangeLog b/ChangeLog
index b2020a3ae..67e238a74 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -27,6 +27,11 @@ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyA
 - bug #1828265 [privileges] No weird characters in generated password 
 - bug #1759194 [import] open_basedir warning
 
+2.11.2.2 (2007-11-20)
+- bug #1835123 [security] fixed XSS vulnerability on login page, 
+  thanks to Tim Brown (Nth Dimension) for the advisory 
+  and to Sebastian for the fix
+
 2.11.2.1 (2007-11-11)
 - fixed possible SQL injection using database name
 - fixed possible XSS in database name - thanks to Omer Singer, The DigiTrust Group
diff --git a/libraries/auth/cookie.auth.lib.php b/libraries/auth/cookie.auth.lib.php
index aa80737b4..7665e3e91 100644
--- a/libraries/auth/cookie.auth.lib.php
+++ b/libraries/auth/cookie.auth.lib.php
@@ -233,7 +233,7 @@ if (top != self) {
     <fieldset class="tblFooters">
         <input value="<?php echo $GLOBALS['strGo']; ?>" type="submit" />
         <input type="hidden" name="lang" value="<?php echo $GLOBALS['lang']; ?>" />
-        <input type="hidden" name="convcharset" value="<?php echo $GLOBALS['convcharset']; ?>" />
+        <input type="hidden" name="convcharset" value="<?php echo htmlspecialchars($GLOBALS['convcharset'], ENT_QUOTES); ?>" />
     <?php
     if (!empty($GLOBALS['target'])) {
         echo '            <input type="hidden" name="target" value="' . htmlspecialchars($GLOBALS['target']) . '" />' . "\n";