Drupal · Term Reference Tree · CVE-2026-4093
**Name of the Vulnerable Software and Affected Versions**
Drupal 7 Term Reference Tree versions 7.x-1.x through 7.x-1.11
**Description**
Two stored cross-site scripting (XSS) vectors exist in the widget and formatter rendering pipeline. The first vector is reachable only when the Token module is enabled and a token display template is configured for the field: attacker-controlled token output, such as a term description, is rendered without proper sanitization, so a user permitted to edit the referenced taxonomy terms can inject HTML or JavaScript into the rendered output. The second vector does not depend on Token: taxonomy term labels are not sanitized before being rendered in the widget, so a user with permission to create or edit taxonomy terms can place a script in the term name, and it executes in the browser of anyone who views a form containing the widget. Both vectors are stored XSS and require an account that can create or edit taxonomy terms.
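The following PHP is an illustrative example added to this advisory, not the Term Reference Tree module's own code. It models the two rendering paths the description refers to (a token display template and the plain term label) with a hypothetical option-markup builder, so the unsafe and hardened patterns can be compared side by side. `example_expand_tokens()` is a stand-in for Drupal's `token_replace()`, not the real API; the fallback `check_plain()` is the same `htmlspecialchars()` call Drupal 7's implementation uses, so the script also runs outside Drupal.

```php
<?php
// Illustrative example accompanying the CVE-2026-4093 advisory; NOT code from
// the Term Reference Tree module. Runs stand-alone with plain PHP.

// Drupal 7's check_plain() is htmlspecialchars() with these exact arguments;
// defined here only when running outside Drupal.
if (!function_exists('check_plain')) {
  function check_plain($text) {
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
  }
}

// Hypothetical token expansion (stand-in for token_replace(), not Drupal's API).
// The template is admin-configured and therefore trusted; the substituted
// values come from term fields that any user with term edit permission controls.
function example_expand_tokens($template, array $term, $sanitize) {
  $values = array(
    '[term:name]'        => $term['name'],
    '[term:description]' => $term['description'],
  );
  if ($sanitize) {
    // Escape each user-controlled value before it enters the template.
    $values = array_map('check_plain', $values);
  }
  return strtr($template, $values);
}

// VULNERABLE pattern: raw term name, or raw token output, concatenated into markup.
function vulnerable_option_markup(array $term, $template = NULL) {
  $label = ($template === NULL)
    ? $term['name']
    : example_expand_tokens($template, $term, FALSE);
  return '<label for="term-' . $term['tid'] . '">' . $label . '</label>';
}

// HARDENED pattern: the plain label is escaped with check_plain(); the token
// path escapes every substituted value while leaving the trusted template intact.
function safe_option_markup(array $term, $template = NULL) {
  $label = ($template === NULL)
    ? check_plain($term['name'])
    : example_expand_tokens($template, $term, TRUE);
  return '<label for="term-' . (int) $term['tid'] . '">' . $label . '</label>';
}

// Constructed sample term, as a user with "edit terms" permission could save it.
$term = array(
  'tid'         => 7,
  'name'        => 'Events<script>alert(document.domain)</script>',
  'description' => '<img src=x onerror="alert(1)">',
);
$template = '<em>[term:name]</em>: [term:description]';

echo "Plain label, vulnerable: ", vulnerable_option_markup($term), "\n";
echo "Plain label, hardened:   ", safe_option_markup($term), "\n";
echo "Token template, vulnerable: ", vulnerable_option_markup($term, $template), "\n";
echo "Token template, hardened:   ", safe_option_markup($term, $template), "\n";
```

Run it with `php example.php`. The vulnerable lines emit the `<script>` and `<img onerror>` payloads verbatim inside the label, which is exactly what a browser would execute when the form renders; the hardened lines emit `&lt;script&gt;...` and `&lt;img ...&gt;` instead, while the `<em>` from the admin-authored template survives. When the term description is expected to carry legitimate markup from a text format, the right filter is `filter_xss()` with an explicit allowed-tag list rather than `check_plain()`, but the principle is the same: sanitize at the point the user-controlled string enters HTML, and never rely on the template to do it.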
**Recommendations**
Update Drupal 7 Term Reference Tree to a version later than 7.x-1.11. Until the update is applied, note that both vectors require an account permitted to create or edit taxonomy terms, so restricting those permissions to trusted roles reduces exposure, and the first vector is only reachable when the Token module is enabled and a token display template is configured for the field. After updating, review existing term names and descriptions for injected markup, since stored payloads are not removed by the update itself.