cvedb.io
CVE-2026-4929
MEDIUM · CVSS 5.4
EPSS exploitation probability: 0%
Published 2026-05-21T22:16:48.420 · Last modified 2026-06-17T10:57:28.383

Summary

Simple Hierarchical Select (SHS) for Drupal 7 is exposed to cross-site scripting (XSS) because text derived from taxonomy terms is not properly escaped on output. Confirmed affected paths include the field formatter output (shs_field_formatter_view) and the child-term data generation for the term tree (shs_term_get_children). A malicious taxonomy term name can be rendered unsafely, depending on the output context. Affected versions are 7.x-1.0 through 7.x-1.10, inclusive.

Affected products

simple_hierarchical_select_project — simple_hierarchical_select

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.