Colorbox Project

colorbox_project

2 CVEs • 1 product

Products (1)

Click to collapse

Toggle

Colorbox

colorbox

2 CVEs

CVEs (2)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-3900 1Colorbox Project 1Colorbox Jun 20, 2025 Apr 23, 2025 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Colorbox allows Cross-Site Scripting (XSS).This issue affects Colorbox: from 0.0.0 before 2.1.3.
CVE-2015-7881 1Colorbox Project 1Colorbox May 6, 2026 Oct 26, 2015 N/A· v4 N/A· v3 3.5 LOW· v2 The Colorbox module 7.x-2.x before 7.x-2.10 for Drupal allows remote authenticated users with certain permissions to bypass intended access restrictions and "add unexpected content to a Colorbox" via unspecified vectors,...Show more The Colorbox module 7.x-2.x before 7.x-2.10 for Drupal allows remote authenticated users with certain permissions to bypass intended access restrictions and "add unexpected content to a Colorbox" via unspecified vectors, possibly related to a link in a comment.Show less

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

CVE-2025-3900

1Colorbox Project

1Colorbox

Jun 20, 2025

Apr 23, 2025

N/A· v4

6.1 MEDIUM· v3

N/A· v2

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Colorbox allows Cross-Site Scripting (XSS).This issue affects Colorbox: from 0.0.0 before 2.1.3.

CVE-2015-7881

1Colorbox Project

1Colorbox

May 6, 2026

Oct 26, 2015

N/A· v4

N/A· v3

3.5 LOW· v2

The Colorbox module 7.x-2.x before 7.x-2.10 for Drupal allows remote authenticated users with certain permissions to bypass intended access restrictions and "add unexpected content to a Colorbox" via unspecified vectors,...Show more