Project: 
Date: 
2026-July-01
Vulnerability: 
Cross-site scripting
Affected versions: 
< 2.1.5 || 2.2.0
CVE IDs: 
CVE-2026-58591
Description: 

The Colorbox module integrates with the Colorbox JavaScript library to display content in an overlay above the page.

The module doesn't sufficiently protect against injection of malicious JavaScript under certain scenarios.

This vulnerability is mitigated by the fact that an attacker must have a role that permits them to enter HTML content.

Solution: 

Install the latest version:

Reported By: 
Coordinated By: