CVE-2026-3007 MEDIUM

CVE-2026-3007: Stored Cross-Site Scripting (XSS) Vulnerability

Vendor Three Learning
Product Koollab Learning Management System
Published April 23, 2026
Last update May 10, 2026

CVSS base score

5.4/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

Successful exploitation of the stored cross-site scripting (XSS) vulnerability could allow an attacker to execute arbitrary JavaScript on any user account that has access to Koollab LMS’ courselet feature.

Key dates

02Disclosure timeline

April 23, 2026 CVE published
May 10, 2026 Record updated