CVE-2014-9346

Name of the Vulnerable Software and Affected Versions Drupal Hierarchical Select module versions 6.x-3.x before 6.x-3.9

Description The issue allows remote authenticated users with certain permissions to inject arbitrary web script or HTML. This can be achieved via vectors related to the taxonomy term title for instances with Save term lineage enabled or entity type fields.

Recommendations For versions prior to 6.x-3.9, update to version 6.x-3.9 or later to resolve the issue.