Medium severity5.4NVD Advisory· Published May 21, 2026· Updated Jun 1, 2026
CVE-2026-4929
CVE-2026-4929
Description
Simple Hierarchical Select (SHS) for Drupal 7 contains cross-site scripting risk due to improper output escaping of term-derived text. Confirmed affected paths include field formatter output (shs_field_formatter_view) and term-tree child-term data generation (shs_term_get_children). Malicious taxonomy term names can be rendered unsafely depending on output context. This affects versions from 7.x-1.0 through (and including) 7.x-1.10.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- cpe:2.3:a:simple_hierarchical_select_project:simple_hierarchical_select:*:*:*:*:*:drupal:*:*Range: >=7.x-1.0,<=7.x-1.10
- Range: 7.x-1.0 through 7.x-1.10
Patches
Vulnerability mechanics
References
3- www.herodevs.com/vulnerability-directory/cve-2026-4929nvdExploitThird Party Advisory
- www.herodevs.com/vulnerability-directory/cve-2026-4929nvdExploitThird Party Advisory
- d7es.tag1.com/security-advisories/simple-hierarchical-select-moderately-critical-cross-site-scriptingnvdThird Party Advisory
News mentions
0No linked articles in our index yet.