diff --git a/ChangeLog b/ChangeLog
index a1b1463ea04072e9d36c3109e2a47710eb02d956..40a5de9aa3c2039024f4d1ddd189d8daed56edf0 100755
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,7 @@
 
 	* Fixed bug #13372: saltedpasswords - Authentication Bypass in frontend user authentication (thanks to Marcus Krause & Dmitry Dulepov)
 	* Fixed bug #13394: Information disclosure in sysext:sys_actions (thanks to Georg Ringer)
+	* Fixed bug #13042: XSS in index.php (thanks to Georg Ringer)
 
 2010-02-22  Benjamin Mack  <benni@typo3.org>
 
diff --git a/index.php b/index.php
index be634e559e65c2290c1084a86f72d6de080de019..84195f5d0520a7786e7c3200e36034f1040995b5 100644
--- a/index.php
+++ b/index.php
@@ -70,7 +70,7 @@ if (@is_dir(PATH_site.'typo3/sysext/cms/tslib/')) {
 }
 
 if (PATH_tslib=='') {
-	die('Cannot find tslib/. Please set path by defining $configured_tslib_path in '.basename(PATH_thisScript).'.');
+	die('Cannot find tslib/. Please set path by defining $configured_tslib_path in ' . htmlspecialchars(basename(PATH_thisScript)) . '.');
 }
 
 // ******************