CVE-2025-3900
Colorbox - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-041
We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
Colorbox - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-041
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Colorbox allows Cross-Site Scripting (XSS).This issue affects Colorbox: from 0.0.0 before 2.1.3.
Reserved 2025-04-23 | Published 2025-04-23 | Updated 2025-04-25 | Assigner drupalCWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Pierre Rudloff (prudloff)
Jen Lampton (jenlampton)
Paul McKibben (paulmckibben)
Greg Knaddison (greggles)
Juraj Nemec (poker10)
www.drupal.org/sa-contrib-2025-041
Support options
