diff --git a/library/README.libs b/library/README.libs
index 77be29aff0..7feb249669 100644
--- a/library/README.libs
+++ b/library/README.libs
@@ -7,7 +7,7 @@ directory       | project         | version  | status
 adodb           | adodb           | 5.10     | patched: various, see git
 disposable      | disposable      | 1.1.0    | unpatched
 ezc             | ez Components   | 2009.2.1 | unpatched
-nusoap          | nusoap          | 0.9.5    | unpatched
+nusoap          | nusoap          | 0.9.5    | patched: XSS vulnerabilities as per #12312
 phpmailer       | PHPMailer       | 5.1      | unpatched
 projax          | projax          |          | unpatched
 rssbuilder      | RSSBuilder      | 2.2.1    | patched: removed __autoload function
diff --git a/library/nusoap/0001-Fix-12312-NuSOAP-web-description-XSS-vulnerability.patch b/library/nusoap/0001-Fix-12312-NuSOAP-web-description-XSS-vulnerability.patch
new file mode 100644
index 0000000000..be63845be4
--- /dev/null
+++ b/library/nusoap/0001-Fix-12312-NuSOAP-web-description-XSS-vulnerability.patch
@@ -0,0 +1,119 @@
+From edb817991b99cd5538f102be26865fde7c6b7212 Mon Sep 17 00:00:00 2001
+From: David Hicks <hickseydr@optusnet.com.au>
+Date: Thu, 2 Sep 2010 21:51:21 +1000
+Subject: [PATCH] Fix #12312: NuSOAP web description XSS vulnerability
+
+Bogdan Calin from Acunetix discovered a number of XSS vulnerabilities in
+NuSOAP 0.9.5 (bundled with MantisBT) relating to improperly escaped
+URLs.
+
+A sample exploit URL is:
+/api/soap/mantisconnect.php?1<ScRiPt>prompt(923395)</ScRiPt>
+
+The upstream report for these XSS flaws in NuSOAP is located at the
+following URL:
+http://sourceforge.net/projects/nusoap/forums/forum/193579/topic/3834005
+
+This patch provides an interim fix for MantisBT users until upstream
+makes a new release.
+---
+ library/nusoap/class.wsdl.php |   16 ++++++++--------
+ library/nusoap/nusoap.php     |   14 +++++++-------
+ 2 files changed, 15 insertions(+), 15 deletions(-)
+
+diff --git a/library/nusoap/class.wsdl.php b/library/nusoap/class.wsdl.php
+index 6d2a693..7dcc307 100644
+--- a/library/nusoap/class.wsdl.php
++++ b/library/nusoap/class.wsdl.php
+@@ -842,9 +842,9 @@ class wsdl extends nusoap_base {
+ 		<body>
+ 		<div class=content>
+ 			<br><br>
+-			<div class=title>'.$this->serviceName.'</div>
++			<div class=title>'.htmlentities($this->serviceName).'</div>
+ 			<div class=nav>
+-				<p>View the <a href="'.$PHP_SELF.'?wsdl">WSDL</a> for the service.
++				<p>View the <a href="'.htmlentities($PHP_SELF).'?wsdl">WSDL</a> for the service.
+ 				Click on an operation name to view it&apos;s details.</p>
+ 				<ul>';
+ 				foreach($this->getOperations() as $op => $data){
+@@ -854,21 +854,21 @@ class wsdl extends nusoap_base {
+ 				    <a href='#' onclick='popout()'><font color='#ffffff'>Close</font></a><br><br>";
+ 				    foreach($data as $donnie => $marie){ // loop through opdata
+ 						if($donnie == 'input' || $donnie == 'output'){ // show input/output data
+-						    $b .= "<font color='white'>".ucfirst($donnie).':</font><br>';
++						    $b .= "<font color='white'>".htmlentities(ucfirst($donnie)).':</font><br>';
+ 						    foreach($marie as $captain => $tenille){ // loop through data
+ 								if($captain == 'parts'){ // loop thru parts
+-								    $b .= "&nbsp;&nbsp;$captain:<br>";
++								    $b .= "&nbsp;&nbsp;".htmlentities($captain).":<br>";
+ 					                //if(is_array($tenille)){
+ 								    	foreach($tenille as $joanie => $chachi){
+-											$b .= "&nbsp;&nbsp;&nbsp;&nbsp;$joanie: $chachi<br>";
++											$b .= "&nbsp;&nbsp;&nbsp;&nbsp;".htmlentities($joanie).": ".htmlentities($chachi)."<br>";
+ 								    	}
+ 					        		//}
+ 								} else {
+-								    $b .= "&nbsp;&nbsp;$captain: $tenille<br>";
++								    $b .= "&nbsp;&nbsp;".htmlentities($captain).": ".htmlentities($tenille)."<br>";
+ 								}
+ 						    }
+ 						} else {
+-						    $b .= "<font color='white'>".ucfirst($donnie).":</font> $marie<br>";
++						    $b .= "<font color='white'>".htmlentities(ucfirst($donnie)).":</font> ".htmlentities($marie)."<br>";
+ 						}
+ 				    }
+ 					$b .= '</div>';
+@@ -1935,4 +1935,4 @@ class wsdl extends nusoap_base {
+ 	} 
+ }
+ 
+-?>
+\ No newline at end of file
++?>
+diff --git a/library/nusoap/nusoap.php b/library/nusoap/nusoap.php
+index 4973532..10750aa 100644
+--- a/library/nusoap/nusoap.php
++++ b/library/nusoap/nusoap.php
+@@ -5424,9 +5424,9 @@ class wsdl extends nusoap_base {
+ 		<body>
+ 		<div class=content>
+ 			<br><br>
+-			<div class=title>'.$this->serviceName.'</div>
++			<div class=title>'.htmlentities($this->serviceName).'</div>
+ 			<div class=nav>
+-				<p>View the <a href="'.$PHP_SELF.'?wsdl">WSDL</a> for the service.
++				<p>View the <a href="'.htmlentities($PHP_SELF).'?wsdl">WSDL</a> for the service.
+ 				Click on an operation name to view it&apos;s details.</p>
+ 				<ul>';
+ 				foreach($this->getOperations() as $op => $data){
+@@ -5436,21 +5436,21 @@ class wsdl extends nusoap_base {
+ 				    <a href='#' onclick='popout()'><font color='#ffffff'>Close</font></a><br><br>";
+ 				    foreach($data as $donnie => $marie){ // loop through opdata
+ 						if($donnie == 'input' || $donnie == 'output'){ // show input/output data
+-						    $b .= "<font color='white'>".ucfirst($donnie).':</font><br>';
++						    $b .= "<font color='white'>".htmlentities(ucfirst($donnie)).':</font><br>';
+ 						    foreach($marie as $captain => $tenille){ // loop through data
+ 								if($captain == 'parts'){ // loop thru parts
+-								    $b .= "&nbsp;&nbsp;$captain:<br>";
++								    $b .= "&nbsp;&nbsp;".htmlentities($captain).":<br>";
+ 					                //if(is_array($tenille)){
+ 								    	foreach($tenille as $joanie => $chachi){
+-											$b .= "&nbsp;&nbsp;&nbsp;&nbsp;$joanie: $chachi<br>";
++											$b .= "&nbsp;&nbsp;&nbsp;&nbsp;".htmlentities($joanie).": ".htmlentities($chachi)."<br>";
+ 								    	}
+ 					        		//}
+ 								} else {
+-								    $b .= "&nbsp;&nbsp;$captain: $tenille<br>";
++								    $b .= "&nbsp;&nbsp;".htmlentities($captain).": ".htmlentities($tenille)."<br>";
+ 								}
+ 						    }
+ 						} else {
+-						    $b .= "<font color='white'>".ucfirst($donnie).":</font> $marie<br>";
++						    $b .= "<font color='white'>".htmlentities(ucfirst($donnie)).":</font> ".htmlentities($marie)."<br>";
+ 						}
+ 				    }
+ 					$b .= '</div>';
+-- 
+1.7.2.2
+