PT-2026-55226 · Drupal+1 · Colorbox+1
Paul Mckibben
+1
·
Published
2026-07-01
·
Updated
2026-07-10
·
CVE-2026-58591
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions
Drupal Colorbox versions 0.0.0 through 2.2.0
Description
Improper neutralization of input during web page generation allows Cross-Site Scripting (XSS), where malicious JavaScript can be injected into the page. This occurs because the module, which integrates with the Colorbox JavaScript library to display content in an overlay, does not sufficiently protect against injection in certain scenarios. Exploitation requires the attacker to possess a role that permits the entry of HTML content.
Recommendations
Update Drupal Colorbox to a version later than 2.2.0.
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Colorbox
Drupal Colorbox