PT-2026-55084 · Packagist · Drupal Colorbox
Published
2026-07-01
·
Updated
2026-07-01
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
The Colorbox module integrates with the Colorbox JavaScript library to display content in an overlay above the page.
The module doesn't sufficiently protect against injection of malicious JavaScript under certain scenarios.
This vulnerability is mitigated by the fact that an attacker must have a role that permits them to enter HTML content.
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Drupal Colorbox