PT-2026-55226 · Drupal+1 · Colorbox+1

Paul Mckibben

+1

·

Published

2026-07-01

·

Updated

2026-07-10

·

CVE-2026-58591

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions Drupal Colorbox versions 0.0.0 through 2.2.0
Description Improper neutralization of input during web page generation allows Cross-Site Scripting (XSS), where malicious JavaScript can be injected into the page. This occurs because the module, which integrates with the Colorbox JavaScript library to display content in an overlay, does not sufficiently protect against injection in certain scenarios. Exploitation requires the attacker to possess a role that permits the entry of HTML content.
Recommendations Update Drupal Colorbox to a version later than 2.2.0.

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-58591
DRUPAL-CONTRIB-2026-069

Affected Products

Colorbox
Drupal Colorbox