CVE-2015-7881

Colorbox module <7.x-2.10 - Auth Bypass

Title source: llm
STIX 2.1

Description

The Colorbox module 7.x-2.x before 7.x-2.10 for Drupal allows remote authenticated users with certain permissions to bypass intended access restrictions and "add unexpected content to a Colorbox" via unspecified vectors, possibly related to a link in a comment.

References (2)

Core 2
Core References
Patch, Vendor Advisory x_refsource_misc
https://www.drupal.org/node/2582071
Patch x_refsource_confirm
https://www.drupal.org/node/2578165

Scores

EPSS 0.0087
EPSS Percentile 54.2%

Details

CWE
CWE-284
Status published
Products (10)
colorbox_project/colorbox 7.x-2.0
colorbox_project/colorbox 7.x-2.1
colorbox_project/colorbox 7.x-2.2
colorbox_project/colorbox 7.x-2.3
colorbox_project/colorbox 7.x-2.4
colorbox_project/colorbox 7.x-2.5
colorbox_project/colorbox 7.x-2.6
colorbox_project/colorbox 7.x-2.7
colorbox_project/colorbox 7.x-2.8
colorbox_project/colorbox 7.x-2.9
Published Oct 26, 2015
Tracked Since Feb 18, 2026