Michael Harris

**Name of the Vulnerable Software and Affected Versions** Drupal Colorbox Inline versions 0.0.0 through 2.1.0 **Description** An issue in the Drupal Colorbox Inline module, which allows opening page content within a colorbox, occurs because the module does not sufficiently sanitize the `data-colorbox-inline` attribute value before passing it to jQuery. This leads to Cross-Site Scripting (XSS), a flaw where malicious scripts are injected into trusted websites. Exploitation requires the attacker to possess a role with permissions to enter HTML tags containing specific data attributes. **Recommendations** Update to version 2.1.1.