Atchmorun

**Name of the Vulnerable Software and Affected Versions** Harvest Chosen versions up to 1.8.6 **Description** A problematic issue has been found in Harvest Chosen, affecting the `AbstractChosen` function of the file `coffee/lib/abstract-chosen.coffee`. The manipulation of the `group label` argument leads to cross-site scripting. The attack can be launched remotely. **Recommendations** For Harvest Chosen versions up to 1.8.6, upgrade to version 1.8.7 to address this issue. As a temporary workaround, consider restricting the manipulation of the `group label` argument in the `AbstractChosen` function until the upgrade is applied.