Cross-site Scripting (XSS)
jquery-colorbox is vulnerable to cross-site scripting XSS attacks. These attacks are possible when an HTML escaped user input is added to the title attribute of a colorbox. The injected code is executed when the page is rendered. The maintainers say this is expected behavior and will not fix this...