Client-side Hierarchical Select - Moderately critical - Cross-site scripting - SA-CONTRIB-2021-031
Project: Client-side Hierarchical Select Date: 2021-September-22 Security risk: Moderately critical 13∕25 Vulnerability: Cross-site scripting
The module provides a field widget for selecting taxonomy terms in a hierarchical fashion.
The module doesn't sanitize user input in certain cases, leading to a possible Cross-Site-Scripting (XSS) vulnerability.
This vulnerability is mitigated by the fact that an attacker must have a role with permission to create or edit taxonomy terms to which the widget may apply.
Install the latest version:
If you use the cshs module for Drupal 8 or 9, upgrade to Client-side Hierarchical Select 8.x-3.5.