diff --git a/templates/status.php b/templates/status.php
index 72d6b2a5496854205b53fa0b24704132483ccc27..9c93364b1db313bfc200f159a036a9ae8e62d75f 100644
--- a/templates/status.php
+++ b/templates/status.php
@@ -28,7 +28,11 @@ $attributes = $this->data['attributes'];
 function present_list($attr) {
 if (is_array($attr) && count($attr) > 1) {
- $str = '<ul><li>' . join('</li><li>', $attr) . '</li></ul>';
+ $str = '<ul>';
+ foreach ($attr as $value) {
+ $str .= '<li>' . htmlspecialchars($attr) . '</li>';
+ }
+ $str .= '</ul>';
 return $str;
 } else {
 return htmlspecialchars($attr[0]);
@@ -73,7 +77,7 @@ function present_attributes($t, $attributes, $nameParent) {
 $str .= '<tr class="' . $alternate[($i++ % 2)] . '"><td class="attrname">' . htmlspecialchars($name) . '</td><td class="attrvalue"><ul>';
 foreach ($value AS $listitem) {
 if ($nameraw === 'jpegPhoto') {
- $str .= '<li><img src="data:image/jpeg;base64,' . $listitem . '" /></li>';
+ $str .= '<li><img src="data:image/jpeg;base64,' . htmlspecialchars($listitem) . '" /></li>';
 } else {
 $str .= '<li>' . present_assoc($listitem) . '</li>';
 }
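Review bot: In `present_list`, the new loop body escapes the wrong variable: `htmlspecialchars($attr)` receives the whole array instead of the current element, so the per-item escaping this hunk is meant to add never runs on the values. Depending on the PHP version the call either warns and returns nothing, leaving empty `<li>` items, or throws a TypeError. The line should read `$str .= '<li>' . htmlspecialchars($value) . '</li>';`. The end of the function lies outside the hunk.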
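Review bot: The escaping added in the `jpegPhoto` branch of `present_attributes` relies on the default flags of `htmlspecialchars()`, which before PHP 8.1 escape double quotes but not single quotes. That is sufficient only while the `src` attribute stays double-quoted, so I would state the flags and charset explicitly: `htmlspecialchars($listitem, ENT_QUOTES, 'UTF-8')`. A one-line comment such as `// attribute value from the identity source; expected to be base64 but not validated here` would also record why the value is escaped. The enclosing loop and function start and end outside the hunk.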