CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-4929

Simple Hierarchical Select (SHS) for Drupal 7 contains cross-site scripting risk due to improper output escaping of term-derived text. Confirmed affected paths include field formatter output (shs_field_formatter_view) and term-tree child-term data generation (shs_term_get_children). Malicious taxonomy term names can be rendered unsafely depending on output context. This affects versions from 7.x-1.0 through (and including) 7.x-1.10.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 9.0%

CVSS Severity

CVSS v3 Score 5.4

References

https://d7es.tag1.com/security-advisories/simple-hierarchical-select-moderately-critical-cross-site-scripting
https://www.herodevs.com/vulnerability-directory/cve-2026-4929
https://www.herodevs.com/vulnerability-directory/cve-2026-4929?nes-for-drupal-7

Products affected by CVE-2026-4929

Simple Hierarchical Select Project » Simple Hierarchical Select » Version: Any

cpe:2.3:a:simple_hierarchical_select_project:simple_hierarchical_select:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-4929

Products

Pricing

Contact Us