CVE-2025-3900
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-3900
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-3900.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-3900
- Published
- 2025-04-23T17:16:55Z
- Modified
- 2025-06-27T11:05:38.531237Z
- Summary
- [none]
- Details
-
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Colorbox allows Cross-Site Scripting (XSS).This issue affects Colorbox: from 0.0.0 before 2.1.3.
- References
Affected packages
Git / git.drupalcode.org/project/colorbox
Affected ranges
- Type
- GIT
- Repo
- https://git.drupalcode.org/project/colorbox
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedb085cda3567853a1207e222c2f96fe008f0165e7
Affected versions
2.*
2.0.0
2.0.1
2.0.2
2.1.0
2.1.1
2.1.2
6.*
6.x-1.0-beta1
6.x-1.0-beta2
6.x-1.0-beta3
6.x-1.0-beta4
7.*
7.x-1.0
7.x-1.0-beta1
7.x-1.0-beta2
7.x-1.0-beta3
7.x-1.0-beta4
7.x-1.1
7.x-1.2
7.x-1.3
7.x-2.0
7.x-2.0-beta1
7.x-2.0-beta2
7.x-2.0-beta3
7.x-2.0-beta4
7.x-2.1
7.x-2.2
7.x-2.3
7.x-2.4
8.*
8.x-1.0
8.x-1.1
8.x-1.10
8.x-1.2
8.x-1.3
8.x-1.4
8.x-1.5
8.x-1.6
8.x-1.7
8.x-1.8
8.x-1.9