VYPR

Colorbox

by Colorbox Project

CVEs (2)

  • CVE-2025-3900Apr 23, 2025
    risk 0.00cvss epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Colorbox allows Cross-Site Scripting (XSS).This issue affects Colorbox: from 0.0.0 before 2.1.3.

  • CVE-2015-7881Oct 26, 2015
    risk 0.00cvss epss 0.01

    The Colorbox module 7.x-2.x before 7.x-2.10 for Drupal allows remote authenticated users with certain permissions to bypass intended access restrictions and "add unexpected content to a Colorbox" via unspecified vectors, possibly related to a link in a comment.