PatchSiren

PatchSiren cyber security CVE debrief

CVE-2017-5945 Poodll CVE debrief

CVE-2017-5945 is a cross-site scripting issue in the PoodLL Filter plugin for Moodle. According to NVD, versions through 3.0.20 are affected, and the flaw comes from insufficient filtering of user-supplied data in the poodll_audio_url HTTP GET parameter used by the poodll/mp3recorderskins/brazil/index.php path. An attacker could cause arbitrary HTML and script code to execute in a victim’s browser in the context of the vulnerable website. NVD assigns a CVSS v3.0 score of 6.1 (MEDIUM), with network attack vector, low complexity, no privileges required, and user interaction required.

Vendor: Poodll
Product: CVE-2017-5945
CVSS: MEDIUM 6.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-02-10
Original CVE updated: 2026-05-13
Advisory published: 2017-02-10
Advisory updated: 2026-05-13

Who should care

Moodle administrators, organizations running the PoodLL Filter plugin, and anyone who exposes the affected plugin path to authenticated or unauthenticated users. Security teams should treat this as important wherever the plugin is installed, because the impact is browser-side code execution within the site context.

Technical summary

NVD maps the weakness to CWE-79 and lists the vulnerable CPE range as poodll:moodle-filter_poodll through version 3.0.20. The issue is triggered through the poodll_audio_url HTTP GET parameter on filter_poodll_moodle32_2016112802/poodll/mp3recorderskins/brazil/index.php. The CVSS vector (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) indicates a remotely reachable flaw that depends on a victim visiting crafted content or a crafted URL, with confidentiality and integrity impact limited to the browser/session context.

Defensive priority

Medium. Prioritize remediation promptly if the plugin is deployed, because the issue is reachable over the network and can run attacker-supplied script in a user’s browser. The user-interaction requirement lowers automatic exposure, but the web-context impact still makes it relevant for public-facing Moodle environments.

Recommended defensive actions

  • Inventory Moodle sites for the PoodLL Filter plugin and confirm whether any instance is at or below version 3.0.20.
  • Upgrade or remove the affected PoodLL Filter plugin version if it is present.
  • Review the affected index.php flow and ensure the poodll_audio_url parameter is properly validated and escaped before use in HTML output.
  • Restrict exposure to the affected plugin path where possible until remediation is complete.
  • Check for any suspicious links or reports involving the affected URL path and parameter, especially where users may have been prompted to visit crafted content.
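As an added illustration of the validation-and-escaping step above (not the plugin's own code, which this debrief does not reproduce), the PHP below reads the poodll_audio_url GET parameter, accepts only syntactically valid http(s) URLs, and escapes the value for the HTML attribute context before output. The function names, the `<param>` markup and the sample inputs are assumptions constructed for the example.

```php
<?php
// Added example, not the PoodLL Filter plugin's code: hardened handling of
// the poodll_audio_url GET parameter before it reaches HTML output.
// The weak pattern is echoing the raw parameter into markup; the fix is to
// validate the value as an http(s) URL and escape it for attribute context.

declare(strict_types=1);

/**
 * Return a safe http(s) URL from the raw parameter value, or null when the
 * value is missing, malformed, or uses a scheme other than http/https.
 */
function safe_audio_url(?string $raw): ?string
{
    if ($raw === null || $raw === '') {
        return null;
    }
    // filter_var rejects values that are not well-formed URLs, including
    // values containing quotes, spaces or angle brackets.
    $url = filter_var($raw, FILTER_VALIDATE_URL);
    if ($url === false) {
        return null;
    }
    // Defence in depth: only http and https may be handed to the player.
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    if (!in_array($scheme, ['http', 'https'], true)) {
        return null;
    }
    return $url;
}

/** Build the HTML fragment, escaping the URL for the attribute context. */
function render_audio_param(?string $raw): string
{
    $url = safe_audio_url($raw);
    if ($url === null) {
        return '<!-- poodll_audio_url rejected -->';
    }
    // ENT_QUOTES neutralises both quote styles as well as <, > and &.
    $escaped = htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<param name="url" value="' . $escaped . '">';
}

// Constructed sample inputs (not taken from the advisory): a legitimate
// recording URL, a non-http scheme, and a value with an embedded quote.
$raw = $_GET['poodll_audio_url'] ?? 'https://example.org/media/lesson1.mp3';
echo render_audio_param($raw), PHP_EOL;
echo render_audio_param('javascript:void(0)'), PHP_EOL;
echo render_audio_param('https://example.org/a.mp3" onload="x'), PHP_EOL;
```

Where the script is run inside a bootstrapped Moodle page, the same effect is obtained with Moodle's own helpers, optional_param() with PARAM_URL for input and s() for output escaping.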

Evidence notes

This debrief is based on the supplied NVD record for CVE-2017-5945 and its referenced advisories. NVD marks the vulnerability as Modified and lists CWE-79, a CVSS v3.0 score of 6.1 with vector AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N, and affected versions through 3.0.20. The supplied references include a SecurityFocus BID entry and a GitHub issue tagged as Exploit, Patch, and Vendor Advisory. No CISA KEV entry was provided in the source corpus.

Official resources

CVE published 2017-02-10. The supplied record was last modified by NVD on 2026-05-13. No KEV listing was provided in the source data.