Skip to main content

Koollab Learning Management System

1 CVEs product

Monthly

CVE-2026-3007 MEDIUM NEWS This Month

Stored cross-site scripting (XSS) in Koollab LMS courselet feature allows authenticated users to inject arbitrary JavaScript that executes in the browsers of other users with courselet access, potentially compromising account security and enabling credential theft or malicious actions on behalf of affected users. CVSS 5.4 reflects network delivery, low complexity, and limited confidentiality/integrity impact constrained by required user interaction and authenticated access.

XSS Koollab Learning Management System
NVD VulDB
CVSS 3.1
5.4
EPSS
0.0%
EPSS 0% CVSS 5.4
MEDIUM This Month

Stored cross-site scripting (XSS) in Koollab LMS courselet feature allows authenticated users to inject arbitrary JavaScript that executes in the browsers of other users with courselet access, potentially compromising account security and enabling credential theft or malicious actions on behalf of affected users. CVSS 5.4 reflects network delivery, low complexity, and limited confidentiality/integrity impact constrained by required user interaction and authenticated access.

XSS Koollab Learning Management System
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy