4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.967 High
EPSS
Percentile
99.7%
Colorbox Node gives the user the ability to display ANY page inside a colorbox modal without the header and footer. The module accepts some settings from URL parameters and didn’t sufficiently validate them before printing them to the browser, allowing malicious users to inject script code into the page.
CVE: CVE-2012-4474
Drupal core is not affected. If you do not use the contributed Colorbox Node module, there is nothing you need to do.
Install the latest version:
Also see the Colorbox Node project page.