PT-2026-40838 · Drupal · Colorbox Inline
Bram Driesen +3 · Published 2026-05-13 · Updated 2026-05-19 · CVE-2026-8493
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Drupal Colorbox Inline versions 0.0.0 through 2.1.0
Description
An issue in the Drupal Colorbox Inline module, which allows opening page content within a colorbox, occurs because the module does not sufficiently sanitize the data-colorbox-inline attribute value before passing it to jQuery. This leads to Cross-Site Scripting (XSS), a flaw where malicious scripts are injected into trusted websites. Exploitation requires the attacker to possess a role with permissions to enter HTML tags containing specific data attributes.
Recommendations
Update to version 2.1.1.
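For reviewing content that was saved before the update, the following added example (not code from the Colorbox Inline module or from this advisory) scans stored markup for data-colorbox-inline values that are not a plain id or class selector. The SAFE_SELECTOR allowlist, the function names and the sample markup are assumptions made for illustration.

```javascript
// Added example: audit stored markup for data-colorbox-inline attribute values.
// SAFE_SELECTOR is an assumed review policy, not the module's own validation.
const SAFE_SELECTOR = /^[#.][A-Za-z_][\w-]*$/;

// Decode the character references that can hide markup characters in an
// attribute value, in a single pass so nothing is decoded twice.
function decodeEntities(s) {
  const named = { lt: '<', gt: '>', quot: '"', apos: "'", amp: '&' };
  return s.replace(/&(?:#x([0-9a-f]+)|#(\d+)|([a-z]+));?/gi, (m, hex, dec, name) => {
    if (name) {
      const key = name.toLowerCase();
      return key in named ? named[key] : m;
    }
    const cp = hex ? parseInt(hex, 16) : parseInt(dec, 10);
    return cp <= 0x10ffff ? String.fromCodePoint(cp) : m;
  });
}

// Return every data-colorbox-inline value that is not a single #id or .class.
// Handles double-quoted, single-quoted and unquoted attribute values.
function auditColorboxInline(html) {
  const attr = /(?<![\w-])data-colorbox-inline\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;
  const findings = [];
  for (const m of html.matchAll(attr)) {
    const raw = m[1] ?? m[2] ?? m[3];
    const value = decodeEntities(raw).trim();
    if (!SAFE_SELECTOR.test(value)) {
      findings.push({ raw, value, offset: m.index });
    }
  }
  return findings;
}

// Constructed sample of stored body fields (not taken from a real site).
const SAMPLE = [
  '<a data-colorbox-inline=".user-login" href="#">Log in</a>',
  '<a data-colorbox-inline="&lt;div&gt;not a selector&lt;/div&gt;">x</a>',
  "<a data-colorbox-inline='#modal, body'>y</a>",
  '<a data-colorbox-inline=#terms>z</a>',
].join('\n');

console.log(JSON.stringify(auditColorboxInline(SAMPLE), null, 2));
```

Flagged entries are candidates for manual review of the content and of the role that saved it; the check complements the update and does not replace it.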
Fix
XSS
Affected Products
Colorbox Inline