Koollab LMS XSS in Courselet (v5.3.2) Enables Arbitrary JS
CVE-2026-3007 Published on April 23, 2026

Stored Cross-Site Scripting (XSS) Vulnerability
Successful exploitation of the stored cross-site scripting (XSS) vulnerability could allow an attacker to execute arbitrary JavaScript on any user account that has access to Koollab LMS courselet feature.

NVD

Vulnerability Analysis

CVE-2026-3007 can be exploited with network access, requires user interaction and a small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.

Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
LOW
User Interaction:
REQUIRED
Scope:
CHANGED
Confidentiality Impact:
LOW
Integrity Impact:
LOW
Availability Impact:
NONE

Affected Versions

Three Learning Koollab Learning Management System Version 5.3.2. is affected by CVE-2026-3007