CVE-2017-5945 Information
Description
An issue was discovered in the PoodLL Filter plugin through 3.0.20 for Moodle. The vulnerability exists due to insufficient filtration of user-supplied data in the "poodll_audio_url" HTTP GET parameter passed to the "filter_poodll_moodle32_2016112802/poodll/mp3recorderskins/brazil/index.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Reference
http://www.securityfocus.com/bid/96212
https://github.com/justinhunt/moodle-filter_poodll/issues/23
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
Base Score
6.1
Base Severity
MEDIUM