CVE-2017-2645: Moodle XSS in attachments to evidence of prior learning

CVSS Score (v3.0)
6.1

Basic Information

EPSS Score
0.51563%
Published
5/17/2022
Updated
4/24/2024
KEV Status
No
Technology
PHP

Technical Details

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Package Name  | Ecosystem | Vulnerable Versions | First Patched Version
moodle/moodle | composer  | >= 3.1, < 3.1.5     | 3.1.5
moodle/moodle | composer  | >= 3.2, < 3.2.2     | 3.2.2

Vulnerability Intelligence
Root Cause Analysis

The vulnerability stems from improper handling of file downloads in Moodle's file serving mechanism. The advisory explicitly states that the XSS occurred because attachments were opened in the current Moodle session instead of being forced to download. The send_stored_file function in Moodle's core file handling library (lib/filelib.php) is responsible for sending stored files together with their HTTP headers. Without a forced-download header (Content-Disposition: attachment) for these attachments, an uploaded HTML file containing JavaScript is rendered by the victim's browser and executes within the victim's authenticated Moodle session. This matches the XSS pattern described in CWE-79 and aligns with the security notice, which states that the fix forces downloads for these attachments.
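As an added illustration (not Moodle's code and not taken from the advisory), the following contrasts the weak header set the analysis describes with a forced-download header set, and adds a small check a reviewer can run against the headers any file-serving endpoint emits. Function and file names are hypothetical.

```php
<?php
// Content types a browser will render as active content when served inline.
const ACTIVE_CONTENT = ['text/html', 'application/xhtml+xml', 'image/svg+xml',
                        'text/xml', 'application/xml'];

// Weak: trusts the stored mimetype and serves the attachment inline, so an
// uploaded HTML/SVG file is rendered in the viewer's authenticated session.
function build_inline_headers(string $filename, string $mimetype): array {
    return [
        'Content-Type'        => $mimetype,
        'Content-Disposition' => 'inline; filename="' . $filename . '"',
    ];
}

// Hardened: force a download regardless of type, serve opaque bytes, forbid
// MIME sniffing, and strip characters that could break out of the header.
function build_download_headers(string $filename): array {
    $safe = preg_replace('/[^A-Za-z0-9._-]/', '_', basename($filename));
    return [
        'Content-Type'           => 'application/octet-stream',
        'Content-Disposition'    => 'attachment; filename="' . $safe . '"',
        'X-Content-Type-Options' => 'nosniff',
    ];
}

// Review check: would this header set let active content run in the session?
function renders_in_session(array $headers): bool {
    $disp = strtolower(trim($headers['Content-Disposition'] ?? 'inline'));
    if (strncmp($disp, 'attachment', 10) === 0) {
        return false; // forced download: nothing is rendered
    }
    $type = strtolower(trim(explode(';', $headers['Content-Type'] ?? '')[0]));
    return in_array($type, ACTIVE_CONTENT, true);
}

// Constructed sample: an "evidence of prior learning" attachment uploaded as HTML.
foreach (['weak'  => build_inline_headers('evidence.html', 'text/html'),
          'fixed' => build_download_headers('evidence.html')] as $label => $hdrs) {
    echo $label, ': ', renders_in_session($hdrs)
        ? "renders in the user's session (XSS-capable)\n"
        : "forced download, not rendered\n";
}
```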


WAF Protection Rules

WAF Rule

In Moodle 3.x, XSS can occur via attachments to evidence of prior learning.