diff --git a/Changes b/Changes
index da4e5fd..7f19535 100644
--- a/Changes
+++ b/Changes
@@ -12,6 +12,9 @@ N.N.N - DD-MMM-2015
 - Fixed to force a rigid scale in the memory graph.
 (thanks to Lane Russell, lanerussell028 AT gmail.com for pointing this out)
 - Fixed the scale of the y-axis in 'du'.
+- Fixed a DOM based XSS and a potential DoS vulnerabilities that affected the
+ 'when' parameter of the 'monitorix.cgi' file.
+ (thanks to Dolev Farhi, farhi AT F5.com for pointing this out)
 - Small cosmetic changes.
diff --git a/monitorix.cgi b/monitorix.cgi
index 5397741..69df2c5 100755
--- a/monitorix.cgi
+++ b/monitorix.cgi
@@ -332,7 +332,7 @@ $colors{graph_bg_color} = $config{theme}->{$color}->{graph_bg};
 $colors{gap} = $config{theme}->{$color}->{gap};
-($tf{twhen}) = ($when =~ m/(hour|day|week|month|year)$/);
+($tf{twhen}) = ($when =~ m/^\d+(hour|day|week|month|year)$/);
 ($tf{nwhen} = $when) =~ s/$tf{twhen}// unless !$tf{twhen};
 $tf{nwhen} = 1 unless $tf{nwhen};
 $tf{twhen} = "day" unless $tf{twhen};
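Review bot: The new pattern on the `+($tf{twhen})` line still anchors with `$`, which in Perl also matches just before a trailing newline, so a `when` value such as `1day` followed by a newline passes the check and the following `s/$tf{twhen}//` leaves `$tf{nwhen}` as `"1\n"` rather than a clean count; `\A`/`\z` close that gap: `($tf{twhen}) = ($when =~ m/\A\d+(hour|day|week|month|year)\z/);`. The unit is now the only thing that reaches `$tf{twhen}`, so its interpolation into the substitution on the next context line is safe, but `\d+` is unbounded, so whether the DoS angle named in the Changes entry is fully closed depends on how `$tf{nwhen}` is consumed outside this hunk; if the count has a natural upper limit, a bounded quantifier (e.g. `\d{1,N}` with N chosen from that limit) would pin it here rather than downstream. A short comment above the line, `# 'when' is untrusted CGI input: accept only <count><unit>, nothing else`, would record why the shape is strict.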