Skip to main content

Colorbox Inline

1 CVEs product

Monthly

CVE-2026-8493 PHP MEDIUM PATCH This Month

Cross-site scripting in the Drupal Colorbox Inline contributed module (versions 0.0.0 through before 2.1.1) allows an authenticated low-privileged attacker to inject malicious script into web page output, which executes in a victim's browser when they interact with the affected content. The changed-scope CVSS vector (S:C) confirms the classic XSS pattern where attacker-controlled content runs in a different security context than the origin. No public exploit code exists and no active exploitation has been identified; EPSS at 0.03% (8th percentile) confirms this is not a currently targeted vulnerability.

XSS Colorbox Inline
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Cross-site scripting in the Drupal Colorbox Inline contributed module (versions 0.0.0 through before 2.1.1) allows an authenticated low-privileged attacker to inject malicious script into web page output, which executes in a victim's browser when they interact with the affected content. The changed-scope CVSS vector (S:C) confirms the classic XSS pattern where attacker-controlled content runs in a different security context than the origin. No public exploit code exists and no active exploitation has been identified; EPSS at 0.03% (8th percentile) confirms this is not a currently targeted vulnerability.

XSS Colorbox Inline
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy