CVE-2026-4929

Name of the Vulnerable Software and Affected Versions Simple Hierarchical Select (SHS) for Drupal 7 versions 7.x-1.0 through 7.x-1.10

Description Cross-site scripting risk exists due to improper output escaping of term-derived text. Malicious taxonomy term names can be rendered unsafely depending on the output context. Confirmed affected paths include the field formatter output shs field formatter view() and term-tree child-term data generation shs term get children().

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.