2 matches found
CVE-2014-9346
The CVE records multiple XSS vulnerabilities in the Drupal Hierarchical Select module (6.x-3.x) prior to 6.x-3.9. The issues allow remote authenticated users with certain permissions to inject arbitrary script/HTML via (1) taxonomy term title when Save term lineage is enabled and (2) entity type ...
SA-CONTRIB-2014-117 - Hierarchical Select - Cross Site Scripting (XSS)
The Hierarchical Select module provides a "hierarchicalselect" form element, which is a greatly enhanced way for letting the user select items in a taxonomy. The module does not sanitize some of the user-supplied data before displaying it, leading to two Cross Site Scripting XSS vulnerabilities...