diff --git a/pandora_console/ChangeLog b/pandora_console/ChangeLog
index 44416de768..e31e9b1ff9 100644
--- a/pandora_console/ChangeLog
+++ b/pandora_console/ChangeLog
@@ -1,3 +1,8 @@
+2012-11-08 Sancho Lerena
+
+ * include/functions_config.php: Fixed a XSS in login :-O. Thanks
+ to gobejishvili for reporting.
+
 2012-11-08 Miguel de Dios
 
 * operation/events/events.php, include/functions_tags.php: cleaned
diff --git a/pandora_console/include/functions_config.php b/pandora_console/include/functions_config.php
index effea4d919..c10eaeadcd 100644
--- a/pandora_console/include/functions_config.php
+++ b/pandora_console/include/functions_config.php
@@ -672,7 +672,7 @@ function config_process_config () {
 if (isset($config['id_user']))
 $relative_path = enterprise_hook('skins_set_image_skin_path',array($config['id_user']));
 else
- $relative_path = enterprise_hook('skins_set_image_skin_path',array($_POST['nick']));
+ $relative_path = enterprise_hook('skins_set_image_skin_path',array(get_parameter('nick')));
 $config['relative_path'] = $relative_path;
 }
 }
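Review bot: The else branch in `config_process_config` still passes a request-supplied, pre-authentication `nick` to `skins_set_image_skin_path` and stores the result in `$config['relative_path']`, so the fix rests entirely on whatever encoding `get_parameter()` applies at input time. That encoding is presumably HTML-oriented (its body is not visible here), which would not cover other contexts the hook may use the name in, such as a database lookup or a filesystem path. `get_parameter()` also likely accepts the value from the query string as well as the POST body, which would widen the source compared with `$_POST['nick']`. I would add a comment such as `// nick is unauthenticated input; get_parameter() only encodes it for HTML, so the skin hook must escape it per context` and escape `$config['relative_path']` at the point where it is written into markup. The function begins above the hunk, so the condition guarding this block cannot be checked from here.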