Description
The Colorbox module 7.x-2.x before 7.x-2.10 for Drupal allows remote authenticated users with certain permissions to bypass intended access restrictions and "add unexpected content to a Colorbox" via unspecified vectors, possibly related to a link in a comment.
References (2)
Core 2
Core References
Patch, Vendor Advisory x_refsource_misc
https://www.drupal.org/node/2582071
Patch x_refsource_confirm
https://www.drupal.org/node/2578165
Scores
EPSS
0.0087
EPSS Percentile
54.2%
Details
CWE
CWE-284
Status
published
Products (10)
colorbox_project/colorbox
7.x-2.0
colorbox_project/colorbox
7.x-2.1
colorbox_project/colorbox
7.x-2.2
colorbox_project/colorbox
7.x-2.3
colorbox_project/colorbox
7.x-2.4
colorbox_project/colorbox
7.x-2.5
colorbox_project/colorbox
7.x-2.6
colorbox_project/colorbox
7.x-2.7
colorbox_project/colorbox
7.x-2.8
colorbox_project/colorbox
7.x-2.9
Published
Oct 26, 2015
Tracked Since
Feb 18, 2026