Sign in Get started

← All advisories

Medium severity6.1NVD Advisory· Published Mar 26, 2017· Updated May 13, 2026

CVE-2017-2645

CVE-2017-2645

Description

In Moodle 3.x, XSS can occur via attachments to evidence of prior learning.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
moodle/moodlePackagist	>= 3.1, < 3.1.5	3.1.5
moodle/moodlePackagist	>= 3.2, < 3.2.2	3.2.2

Affected products

16

Moodle/Moodle16 versions
cpe:2.3:a:moodle:moodle:3.1.0:*:*:*:*:*:*:*+ 15 more
- cpe:2.3:a:moodle:moodle:3.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:3.1.0:beta:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:3.1.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:3.1.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:3.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:3.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:3.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:3.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:3.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:3.2.0:beta:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:3.2.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:3.2.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:3.2.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:3.2.0:rc4:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:3.2.0:rc5:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:3.2.1:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

5

moodle.org/mod/forum/discuss.phpnvdPatchThird Party AdvisoryWEB
www.securityfocus.com/bid/96982nvdThird Party AdvisoryVDB EntryWEB
github.com/advisories/GHSA-9cg4-4f87-jhm3ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2017-2645ghsaADVISORY
www.securitytracker.com/id/1038174nvdWEB

News mentions

0

No linked articles in our index yet.