CVE-2026-3007

Summary

Successful exploitation of the stored cross-site scripting (XSS) vulnerability could allow an attacker to execute arbitrary JavaScript on any user account that has access to Koollab LMS’ courselet feature.

Affected Software

VendorProductVersion RangeStatus
Three LearningKoollab Learning Management System5.3.2.affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References