23 matches found
EUVD-2026-31381
Simple Hierarchical Select SHS for Drupal 7 contains cross-site scripting risk due to improper output escaping of term-derived text. Confirmed affected paths include field formatter output shsfieldformatterview and term-tree child-term data generation shstermgetchildren. Malicious taxonomy term...
CVE-2026-4929
Simple Hierarchical Select SHS for Drupal 7 contains cross-site scripting risk due to improper output escaping of term-derived text. Confirmed affected paths include field formatter output shsfieldformatterview and term-tree child-term data generation shstermgetchildren. Malicious taxonomy term...
CVE-2026-4929 Simple Hierarchical Select (Drupal 7) XSS in term-derived output
Simple Hierarchical Select SHS for Drupal 7 contains cross-site scripting risk due to improper output escaping of term-derived text. Confirmed affected paths include field formatter output shsfieldformatterview and term-tree child-term data generation shstermgetchildren. Malicious taxonomy term...
CVE-2026-4929
The CVE concerns Simple Hierarchical Select (SHS) for Drupal 7, where cross-site scripting is possible due to improper output escaping of term-derived text. Affected code paths include field formatter output (shs_field_formatter_view) and term-tree child-term data generation (shs_term_get_childre...
EUVD-2010-2728
Malware in sbrugna...
EUVD-2012-1662
Malware in sbrugna...
EUVD-2014-9171
Malware in sbrugna...
Simple hierarchical select - Moderately critical - Cross site request forgery - SA-CONTRIB-2019-038
Simple hierarchical select defines a new form widget for taxonomy fields to select a term by "browsing" through the vocabularies hierarchy. It also allows users to create new taxonomy terms using its widget directly in the node form. Version 7.x of Simple hierarchical select doesn't sufficiently...
CVE-2014-9346
Multiple cross-site scripting XSS vulnerabilities in the Hierarchical Select module 6.x-3.x before 6.x-3.9 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to the 1 taxonomy term title for instances with Save term...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the Hierarchical Select module 6.x-3.x before 6.x-3.9 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to the 1 taxonomy term title for instances with Save term...
CVE-2014-9346
The CVE records multiple XSS vulnerabilities in the Drupal Hierarchical Select module (6.x-3.x) prior to 6.x-3.9. The issues allow remote authenticated users with certain permissions to inject arbitrary script/HTML via (1) taxonomy term title when Save term lineage is enabled and (2) entity type ...
CVE-2014-9346
Multiple cross-site scripting XSS vulnerabilities in the Hierarchical Select module 6.x-3.x before 6.x-3.9 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to the 1 taxonomy term title for instances with Save term...
SA-CONTRIB-2014-117 - Hierarchical Select - Cross Site Scripting (XSS)
The Hierarchical Select module provides a "hierarchicalselect" form element, which is a greatly enhanced way for letting the user select items in a taxonomy. The module does not sanitize some of the user-supplied data before displaying it, leading to two Cross Site Scripting XSS vulnerabilities...
CVE-2012-1652
Cross-site scripting XSS vulnerability in the Hierarchical Select module 6.x-3.x before 6.x-3.8 for Drupal allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML via unspecified vectors related to "the vocabulary's help text."...
Cross site scripting
Cross-site scripting XSS vulnerability in the Hierarchical Select module 6.x-3.x before 6.x-3.8 for Drupal allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML via unspecified vectors related to "the vocabulary's help text."...
CVE-2012-1652
Cross-site scripting XSS vulnerability in the Hierarchical Select module 6.x-3.x before 6.x-3.8 for Drupal allows remote authenticated users with administer taxonomy permissions to inject arbitrary web script or HTML via unspecified vectors related to "the vocabulary's help text."...
CVE-2012-1652
The CVE-2012-1652 affects the Drupal contributed module Hierarchical Select (6.x-3.x) prior to 6.x-3.8. It is a Cross-Site Scripting (XSS) vulnerability caused by unsanitized data in vocabulary help text exposed to remote authenticated users with administer taxonomy permissions. The impact is tha...
SA-CONTRIB-2012-028 - Hierarchical Select - Cross Site Scripting (XSS)
CVE: CVE-2012-1652 The Hierarchical Select module provides a "hierarchicalselect" form element, which is a greatly enhanced way for letting the user select items in a taxonomy. The module does not sanitize some of the user-supplied data before displaying it, leading to a Cross Site Scripting XSS...
CVE-2010-2724
Cross-site scripting XSS vulnerability in the Hierarchical Select module 5.x before 5.x-3.2 and 6.x before 6.x-3.2 for Drupal allows remote authenticated users, with administer taxonomy permissions, to inject arbitrary web script or HTML via unspecified vectors in the hierarchicalselect form...
Cross site scripting
Cross-site scripting XSS vulnerability in the Hierarchical Select module 5.x before 5.x-3.2 and 6.x before 6.x-3.2 for Drupal allows remote authenticated users, with administer taxonomy permissions, to inject arbitrary web script or HTML via unspecified vectors in the hierarchicalselect form...