The Colorbox module integrates with the Colorbox JavaScript library to display content in an overlay above the page.
The module doesn't sufficiently protect against injection of malicious JavaScript under certain scenarios.
This vulnerability is mitigated by the fact that an attacker must have a role that permits them to enter HTML content.