MEDIUM
Csa
CVE published 2026-04-23
CVE-2026-3007
CVE-2026-3007 is a stored cross-site scripting issue associated with Koollab LMS courselet access. According to the CVE description, successful exploitation could let an attacker run arbitrary JavaScript in the context of any user account that can access the courselet feature. The record was published on 2026-04-23 and later modified on 2026-05-10. NVD currently marks the vulnerability status as Deferred.