THREATOPS
THREAT OPSThreat News › Re: Skillable SCORM launch: userId parameter not validated against session token allows allocation bypass and cross-user DoS

Re: Skillable SCORM launch: userId parameter not validated against session token allows allocation bypass and cross-user DoS

lowoss_secPublished 2026-07-12

<p>Posted by Solar Designer on Jul 12</p>Hi,<br /> <br /> I&apos;m sorry I let this message through (as a moderator). It shouldn&apos;t be<br /> in here since it&apos;s about a hosted service and lacks open source focus.<br /> We generally don&apos;t let this sort of disclosures through to oss-security,<br /> and upon a closer look I see no reason to have made an exception this<br /> time. Well,

Original source: https://seclists.org/oss-sec/2026/q3/121