Koollab Learning Management System
Monthly
Stored cross-site scripting (XSS) in Koollab LMS courselet feature allows authenticated users to inject arbitrary JavaScript that executes in the browsers of other users with courselet access, potentially compromising account security and enabling credential theft or malicious actions on behalf of affected users. CVSS 5.4 reflects network delivery, low complexity, and limited confidentiality/integrity impact constrained by required user interaction and authenticated access.
Stored cross-site scripting (XSS) in Koollab LMS courselet feature allows authenticated users to inject arbitrary JavaScript that executes in the browsers of other users with courselet access, potentially compromising account security and enabling credential theft or malicious actions on behalf of affected users. CVSS 5.4 reflects network delivery, low complexity, and limited confidentiality/integrity impact constrained by required user interaction and authenticated access.