๐Ÿ” CVE Alert

CVE-2026-8493

MEDIUM 5.4

Colorbox Inline - Moderately critical - Cross-site scripting - SA-CONTRIB-2026-036

CVSS Score
5.4
EPSS Score
0.0%
EPSS Percentile
8th

Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Colorbox Inline allows Cross-Site Scripting (XSS). This issue affects Colorbox Inline: from 0.0.0 before 2.1.1.

CWE CWE-79
Vendor drupal
Product colorbox inline
Ecosystems
Industries
WebMedia
Published May 19, 2026
Last Updated May 20, 2026
Stay Ahead of the Next One

Get instant alerts for drupal colorbox inline

Be the first to know when new medium vulnerabilities affecting drupal colorbox inline are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

Drupal / Colorbox Inline
0.0.0 < 2.1.1

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
drupal.org: https://www.drupal.org/sa-contrib-2026-036

Credits

Pierre Rudloff (prudloff) Michael Harris (miwayha) Bram Driesen (bramdriesen) Juraj Nemec (poker10) Pierre Rudloff (prudloff)