drupal/colorbox is vulnerable to Cross-Site Scripting (XSS)
42
Medium Risk
The Colorbox module integrates with the Colorbox JavaScript library to display content in an overlay above the page. The module doesn't sufficiently protect against injection of malicious JavaScript under certain scenarios. This vulnerability is mitigated by the fact that an attacker must have a role that permits them to enter HTML content.
You are affected if you are using a version that falls within the vulnerable range.
drupal/colorbox is vulnerable to Cross-Site Scripting (XSS) in versions 0.0.0 - 2.1.4 and 2.2.0 - 2.2.0.
Upgrade the drupal/colorbox library to the patch version.
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

SOC 2Compliant
ISO 27001Compliant