diff --git a/ChangeLog b/ChangeLog
index 55ab3c566..7f1c4660f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -9,6 +9,8 @@ $HeadURL$
     * Documentation.html, libraries/ip_allow_deny.lib.php: Define headers
       which to trust in configuration, thanks for help with this to Christian
       Schmidt, Peytz & Co.
+    * libraries/PMA_List_Database.class.php: Fix XSS on database comment,
+      thanks to laurent gaffié.
 
 2006-11-18 Marc Delisle  <lem9@users.sourceforge.net>
     * index.php, libraries/common.lib.php, /cleanup.lib.php: undefined index
diff --git a/libraries/PMA_List_Database.class.php b/libraries/PMA_List_Database.class.php
index 79fc4c3ff..648f3c9b7 100644
--- a/libraries/PMA_List_Database.class.php
+++ b/libraries/PMA_List_Database.class.php
@@ -424,12 +424,12 @@ require_once './libraries/PMA_List.class.php';
                 $cut = false;
             }
             foreach ($dbs as $db) {
-                $return .= '<option value="' . $db['name'] . '"'
-                    .' title="' . $db['comment'] . '"';
+                $return .= '<option value="' . htmlspecialchars($db['name']) . '"'
+                    .' title="' . htmlspecialchars($db['comment']) . '"';
                 if ($db['name'] == $selected) {
                     $return .= ' selected="selected"';
                 }
-                $return .= '>' . ($cut ? $db['disp_name_cut'] : $db['disp_name'])
+                $return .= '>' . htmlspecialchars($cut ? $db['disp_name_cut'] : $db['disp_name'])
                     .' (' . $db['num_tables'] . ')</option>' . "\n";
             }
             if (count($dbs) > 1) {