diff --git a/ChangeLog b/ChangeLog
index 54ef4ec01..72976de3c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -5,6 +5,9 @@ phpMyAdmin - ChangeLog
 $Id$
 $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyAdmin/ChangeLog $
 
+3.3.10.4 (not yet released)
+- [security] Missing sanitization on the table, column and index names leads to XSS vulnerabilities, see PMASA-2011-13
+
 3.3.10.3 (2011-07-23)
 - [security] Fixed XSS vulnerability, see PMASA-2011-9
 - [security] Fixed possible session manipulation in swekey authentication, see PMASA-2011-12
diff --git a/db_datadict.php b/db_datadict.php
index 0c16cb72f..086d7be02 100644
--- a/db_datadict.php
+++ b/db_datadict.php
@@ -70,7 +70,7 @@ while ($row = PMA_DBI_fetch_assoc($rowset)) {
         echo '<div>' . "\n";
     }
 
-    echo '<h2>' . $table . '</h2>' . "\n";
+    echo '<h2>' . htmlspecialchars($table) . '</h2>' . "\n";
 
     /**
      * Gets table informations