VDB
KO

DRUPAL-CONTRIB-2026-069

Details

The Colorbox module integrates with the Colorbox JavaScript library to display content in an overlay above the page.

The module doesn't sufficiently protect against injection of malicious JavaScript under certain scenarios.

This vulnerability is mitigated by the fact that an attacker must have a role that permits them to enter HTML content.

Are you affected?

Enter the version of the package you're using.

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/colorbox
Introduced in: 0 Fixed in: 2.1.5

Upgrade drupal/colorbox to 2.1.5 or newer (ecosystem packagist:https://packages.drupal.org/8).

References