3 matches found
CVE-2015-7881
The Colorbox module 7.x-2.x before 7.x-2.10 for Drupal allows remote authenticated users with certain permissions to bypass intended access restrictions and "add unexpected content to a Colorbox" via unspecified vectors, possibly related to a link in a comment...
CVE-2015-7881
The Drupal Colorbox module (7.x-2.x, prior to 7.x-2.10) allows remote authenticated users with specific permissions to bypass access restrictions and add unwanted content to a Colorbox, likely via a link-in-comment vector. Affected: Colorbox 7.x-2.x (
Colorbox - Access bypass - Less Critical - SA-CONTRIB-2015-156
This module allows for integration of Colorbox, a jQuery lightbox plugin, into Drupal. The module allows unprivileged users to add unexpected content to a Colorbox, including content from external sites. This allows an unprivileged user to deface a site. This vulnerability is mitigated by the fac...