CVE-2017-5945

Name of the Vulnerable Software and Affected Versions PoodLL Filter plugin versions through 3.0.20 for Moodle

Description The issue exists due to insufficient filtration of user-supplied data in the poodll audio url HTTP GET parameter passed to the "filter poodll moodle32 2016112802/poodll/mp3recorderskins/brazil/index.php" API endpoint. This allows an attacker to execute arbitrary HTML and script code in a browser in the context of the vulnerable website.

Recommendations For PoodLL Filter plugin versions through 3.0.20, update to a version later than 3.0.20 to resolve the issue. As a temporary workaround, consider restricting access to the poodll audio url parameter in the affected API endpoint until a patch is available.