DRUPAL-CONTRIB-2026-069

See a problem?
Import Source
https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/colorbox/DRUPAL-CONTRIB-2026-069.json
JSON Data
https://api.osv.dev/v1/vulns/DRUPAL-CONTRIB-2026-069
Aliases
  • CVE-2026-58591
Published
2026-07-01T17:24:05Z
Modified
2026-07-01T19:30:04.410586796Z
Summary
[none]
Details

The Colorbox module integrates with the Colorbox JavaScript library to display content in an overlay above the page.

The module doesn't sufficiently protect against injection of malicious JavaScript under certain scenarios.

This vulnerability is mitigated by the fact that an attacker must have a role that permits them to enter HTML content.

References
Credits

Affected packages

Packagist:https://packages.drupal.org/8 / drupal/colorbox

Package

Name
drupal/colorbox
Purl
pkg:composer/drupal%2Fcolorbox

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.1.5
Database specific
{
    "constraint": "< 2.1.5"
}
Type
ECOSYSTEM
Events
Introduced
2.2.0
Last affected
2.2.0
Database specific
{
    "constraint": "2.2.0"
}

Database specific

affected_versions
"< 2.1.5 || 2.2.0"
source
"https://github.com/DrupalSecurityTeam/drupal-advisory-database/blob/main/advisories/colorbox/DRUPAL-CONTRIB-2026-069.json"