CVE-2026-3007

Description

Successful exploitation of the stored cross-site scripting (XSS) vulnerability could allow an attacker to execute arbitrary JavaScript on any user account that has access to Koollab LMS’ courselet feature.

References

• https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2026-042/