{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3007", "assignerOrgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4", "state": "PUBLISHED", "assignerShortName": "CSA", "dateReserved": "2026-02-23T05:15:43.206Z", "datePublished": "2026-04-23T02:54:25.444Z", "dateUpdated": "2026-05-10T19:57:33.339Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4", "shortName": "CSA", "dateUpdated": "2026-04-23T02:54:25.444Z"}, "title": "Stored Cross-Site Scripting (XSS) Vulnerability", "datePublic": "2026-04-23T02:50:00.000Z", "affected": [{"vendor": "Three Learning", "product": "Koollab Learning Management System", "versions": [{"status": "affected", "version": "5.3.2."}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "Successful exploitation of the stored cross-site scripting (XSS) vulnerability could allow an attacker to execute arbitrary JavaScript on any user account that has access to Koollab LMS\u2019 courselet feature.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>Successful exploitation of the stored cross-site scripting (XSS) vulnerability could allow an attacker to execute arbitrary JavaScript on any user account that has access to Koollab LMS\u2019 courselet feature.</p>"}]}], "references": [{"url": "https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2026-042/"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"version": "3.1", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseSeverity": "MEDIUM", "baseScore": 5.4, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}}], "solutions": [{"lang": "en", "value": "Users and administrators of the affected product version are advised to update to the latest version 5.4.0 immediately.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "Users and administrators of the affected product version are advised to update to the latest version 5.4.0 immediately."}]}], "credits": [{"lang": "en", "value": "Justin Ng", "type": "finder"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 1.0.1"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-79", "lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-23T14:41:20.084000Z", "id": "CVE-2026-3007", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-10T19:57:33.339Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-3007", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-23T14:41:20.084000Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-23T14:41:27.649Z"}}], "cna": {"title": "Stored Cross-Site Scripting (XSS) Vulnerability", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Justin Ng"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Three Learning", "product": "Koollab Learning Management System", "versions": [{"status": "affected", "version": "5.3.2."}], "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Users and administrators of the affected product version are advised to update to the latest version 5.4.0 immediately.", "supportingMedia": [{"type": "text/html", "value": "Users and administrators of the affected product version are advised to update to the latest version 5.4.0 immediately.", "base64": false}]}], "datePublic": "2026-04-23T02:50:00.000Z", "references": [{"url": "https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2026-042/"}], "x_generator": {"engine": "Vulnogram 1.0.1"}, "descriptions": [{"lang": "en", "value": "Successful exploitation of the stored cross-site scripting (XSS) vulnerability could allow an attacker to execute arbitrary JavaScript on any user account that has access to Koollab LMS\u2019 courselet feature.", "supportingMedia": [{"type": "text/html", "value": "<p>Successful exploitation of the stored cross-site scripting (XSS) vulnerability could allow an attacker to execute arbitrary JavaScript on any user account that has access to Koollab LMS\u2019 courselet feature.</p>", "base64": false}]}], "providerMetadata": {"orgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4", "shortName": "CSA", "dateUpdated": "2026-04-23T02:54:25.444Z"}}}, "cveMetadata": {"cveId": "CVE-2026-3007", "state": "PUBLISHED", "dateUpdated": "2026-05-10T19:57:33.339Z", "dateReserved": "2026-02-23T05:15:43.206Z", "assignerOrgId": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4", "datePublished": "2026-04-23T02:54:25.444Z", "assignerShortName": "CSA"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Successful exploitation of the stored cross-site scripting (XSS) vulnerability could allow an attacker to execute arbitrary JavaScript on any user account that has access to Koollab LMS\u2019 courselet feature."}], "id": "CVE-2026-3007", "lastModified": "2026-05-10T20:16:28.850", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 2.7, "source": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4", "type": "Secondary"}]}, "published": "2026-04-23T04:16:07.980", "references": [{"source": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4", "url": "https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2026-042/"}], "sourceIdentifier": "5f57b9bf-260d-4433-bf07-b6a79e9bb7d4", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "5.3.2."}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Koollab Learning Management System", "source": "cna", "vendor": "Three Learning"}, "product": "koollab_learning_management_system", "vendor": "three_learning"}], "analysis": {"en": {"generated_at": "2026-04-28T15:00:05.858012+00:00", "value": {"mitigation_remediation": ["Apply the vendor patch to version\u00a05.4.0 or later to eliminate the stored XSS flaw in the courselet component.", "If the patch cannot be applied immediately, restrict or sanitize courselet input to remove script tags and enforce stricter input validation (CWE\u201179).", "Limit creation and editing of courselets to trusted administrators or educators and regularly audit content for suspicious scripts."], "summary": {"action": "Immediate Patch", "impact": "Arbitrary JavaScript execution on user accounts via courselet feature"}, "threat_synthesis": {"affected_systems": "The issue affects the Koollab Learning Management System produced by Three Learning. All installations that have not applied the latest patch (version\u00a05.4.0) are vulnerable. The patch resolves the input sanitization flaw in the courselet component and should be applied to any environment that hosts or displays courselet content.", "description_and_impact": "The vulnerability is a stored cross\u2011site scripting flaw in the courselet feature of Koollab LMS, allowing an attacker to embed malicious JavaScript that is saved and later executed whenever any user accesses the affected courselet. Because the script runs in the context of the victim\u2019s browser, the attacker can steal session cookies, tamper with page content, or perform actions on behalf of the user. This input\u2011validation weakness, identified as CWE\u201179, can lead to confidentiality or integrity compromise for all users who view the vulnerable content.", "risk_and_exploitability": "With a CVSS score of 5.4 and an EPSS of less than 1\u202f%, the likelihood of active exploitation is low, and the flaw is not listed in the CISA KEV catalog. Nevertheless, because the stored script is executed for every user who views the courselet, the potential impact is high for organizations that rely on this feature. The simplest attack path is for a privileged user to inject malicious payload into a courselet, which then propagates to all other users who access that courselet."}}}}, "created": "2026-04-28T09:26:25.032965+00:00", "updated": "2026-04-28T15:00:14.546524+00:00", "vendors": ["three_learning", "three_learning$PRODUCT$koollab_learning_management_system"], "weaknesses": ["CWE-79"]}