CVE-2024-13918

High CVSS: 8.0

The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of request parameters in the debug-mode error page.

Vendor

Laravel

Product

Framework

CWE

CWE-79

Yayın Tarihi

2025-03-10 10:15:10

Güncelleme

2025-03-24 14:15:59

Source Identifier

1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a

KEV Date Added

Kategoriler

CWE-79 Framework HIGH Laravel 2025

Referanslar

https://github.com/laravel/framework/pull/53869 https://github.com/laravel/framework/releases/tag/v11.36.0 https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20241209-01_Laravel_Reflected_XSS_via_Request_Parameter_in_Debug-Mode_Error_Page http://www.openwall.com/lists/oss-security/2025/03/10/3

Benzer Kayıtlar

Critical

CVE-2026-23524

Laravel Reverb provides a real-time WebSocket communication backend for Laravel applications. In versions 1.6.3 and belo…

Critical

CVE-2025-54068

Livewire is a full-stack framework for Laravel. In Livewire v3 up to and including v3.6.3, a vulnerability allows unauth…

High

CVE-2024-13919

The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an im…

Medium

CVE-2025-27515

Laravel is a web application framework. When using wildcard validation to validate a given file or image field (`files.*…