CVE-2025-3900

CVE-2025-3900: Colorbox - Moderately critical - Cross Site Scripting - SA-CONTRIB-2025-041

Vendor Drupal

Product Colorbox

Weakness CWE-79 · XSS

Published April 23, 2025

Last update April 25, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Colorbox allows Cross-Site Scripting (XSS).This issue affects Colorbox: from 0.0.0 before 2.1.3.

Key dates

02Disclosure timeline

April 23, 2025 CVE published

April 25, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-3900 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2026-34624 Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79) CVE-2022-50787 SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Unauthenticated Stored Cross-Site Scripting CVE-2025-23035 Cross-Site Scripting (XSS) Stored endpoint 'adicionar_tipo_quadro_horario.php' parameter 'tipo' in WeGIA CVE-2020-9732 Stored XSS in AEM Sites Components CVE-2024-56359 Cross-site Scripting vulnerability through HyperLink cells in grist-core