Project: Select (or other)
Security risk: *Moderately critical* 14∕25
Vulnerability: Cross Site Scripting
This module enables users to select 'other' on certain form elements and a
textfield appears for the user to provide a custom value.
The module doesn't sufficiently escape values of a text field the under the
scenario when "Select or other" formatter is used.
This vulnerability is mitigated by the fact that an attacker must have access
to edit a field that is displayed through the "Select or other" formatter.
Also see the Select (or other) project page.