Fix xss on account settings page

2020-12-24 00:07:40 +01:00
parent 0b7515eccd
commit 96ca0ed90f
3 changed files with 6 additions and 4 deletions
--- a/res/include/md/acknowledgements.md
+++ b/res/include/md/acknowledgements.md
@@ -30,7 +30,8 @@

 * 2020-12-06 Security researcher Arian Firoozfar reported a cross-site
   scripting vulnerability on the file viewer page. The issue was fixed the
-   following day.
+   following day. On the 26th another XSS vulnerability was found on the account
+   settings page, it was fixed later that day.

 * 2017-12-04 Security researcher Hangyi reported a cross-site scripting
   vulnerability on the file viewer page. The issue was fixed on the 6th.
--- a/res/template/server_status.html
+++ b/res/template/server_status.html
@@ -16,8 +16,8 @@

 	<body>
 		{{template "page_menu" .}}
-		<div class="page_body" style="padding: 0; top: 0; bottom: 0;">
-			<iframe id="page_body" src="https://status.pixeldrain.com" class="status_frame"></iframe>
+		<div id="page_body" class="page_body" style="padding: 0; top: 0; bottom: 0;">
+			<iframe src="https://status.pixeldrain.com" class="status_frame"></iframe>
 		</div>
 		{{template "analytics"}}
 	</body>