CVE-2024-13918
Published: 2025-03-10
Priority: P4 (24) · Severity: medium · CVSS 3.1 base score: 6.1
Vector: AV:N / AC:L / PR:N / UI:R / S:C / C:L / I:L / A:N
EPSS: 0.57% (43.1st percentile)
The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of request parameters in the debug-mode error page.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | php-laravel-framework | — | — |
| laravel | framework | >= 11.9.0 < 11.36.0 | 11.36.0 |
| laravel_holdings_inc | laravel_framework | 11.9.0 – 11.35.1 | — |
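The advisory names two conditions that have to hold together: an installed laravel/framework release in the range >= 11.9.0 and < 11.36.0, and the debug-mode error page being reachable, which in Laravel means APP_DEBUG is on. The following script is an added example, not code from the advisory or from the Laravel project; it reads the two artefacts an operator already has on disk (composer.lock and .env), constructs sample copies of both inline, and reports whether a deployment is exposed, only needs the upgrade, or is clear. The assumption that the debug error page is not rendered when APP_DEBUG is false, and the exact parsing of APP_DEBUG values, are mine, not stated on the page.

```python
"""Exposure check for CVE-2024-13918 (added example; not the advisory's or Laravel's own code).

Assumptions not stated on the page:
  - the debug-mode error page is only rendered when APP_DEBUG evaluates to true,
    so a host with APP_DEBUG=false does not serve the vulnerable page;
  - Laravel's env() helper treats "true", "(true)" and "1" as true for APP_DEBUG.
The affected range (>= 11.9.0, < 11.36.0) is taken from the advisory itself.
"""
import json
import re

AFFECTED_MIN = (11, 9, 0)   # first affected release, per the advisory
FIXED_IN = (11, 36, 0)      # first fixed release, per the advisory


def parse_version(v: str) -> tuple:
    """Turn 'v11.35.1' or '11.35.1-dev' into a comparable (major, minor, patch) tuple."""
    v = v.lstrip("vV").split("-")[0].split("+")[0]
    parts = [int(p) for p in re.findall(r"\d+", v)[:3]]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def is_affected_version(v: str) -> bool:
    """True when the version falls inside the advisory's affected range."""
    return AFFECTED_MIN <= parse_version(v) < FIXED_IN


def framework_version(composer_lock: str):
    """Return the installed laravel/framework version from composer.lock text, or None."""
    data = json.loads(composer_lock)
    for section in ("packages", "packages-dev"):
        for pkg in data.get(section, []):
            if pkg.get("name") == "laravel/framework":
                return pkg.get("version")
    return None


def app_debug_enabled(dotenv: str) -> bool:
    """Parse APP_DEBUG from .env text; absent means off (Laravel's config default)."""
    for line in dotenv.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        if key.strip() == "APP_DEBUG":
            return value.strip().strip("\"'").lower() in ("true", "(true)", "1")
    return False


def assess(composer_lock: str, dotenv: str) -> dict:
    """Combine version and debug state into one verdict: 'exposed', 'upgrade' or 'ok'."""
    version = framework_version(composer_lock)
    vulnerable = version is not None and is_affected_version(version)
    debug = app_debug_enabled(dotenv)
    if vulnerable and debug:
        status = "exposed"   # affected release and the debug error page is reachable
    elif vulnerable:
        status = "upgrade"   # affected release; debug off hides the page but fix it anyway
    else:
        status = "ok"        # not in the affected range
    return {"version": version, "vulnerable_version": vulnerable,
            "app_debug": debug, "status": status}


# Constructed sample input (not a real deployment): an affected release with debug on.
SAMPLE_COMPOSER_LOCK = json.dumps({
    "packages": [{"name": "laravel/framework", "version": "v11.35.1"}],
    "packages-dev": [],
})
SAMPLE_DOTENV = "APP_NAME=Demo\nAPP_ENV=production\nAPP_DEBUG=true\n"

if __name__ == "__main__":
    print(assess(SAMPLE_COMPOSER_LOCK, SAMPLE_DOTENV))
```

On a real host, feed it `open("composer.lock").read()` and `open(".env").read()`; the verdict "upgrade" is deliberate: turning debug off closes the rendered page but leaves the vulnerable code installed, so 11.36.0 is still the fix.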
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| Debian (vendor) | — | 8.0 | LOW | — |
OSV
Laravel framework susceptible to reflected cross-site scripting
osv · 2025-03-10 · MEDIUM
The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of request parameters in the debug-mode error page.
GHSA
Laravel framework susceptible to reflected cross-site scripting
ghsa · 2025-03-10 · MEDIUM · CWE-79
The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of request parameters in the debug-mode error page.
Debian
CVE-2024-13918: php-laravel-framework
vendor_debian · 2024 · CVSS 8.0 · HIGH
The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of request parameters in the debug-mode error page.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
- https://github.com/laravel/framework/pull/53869
- https://github.com/laravel/framework/releases/tag/v11.36.0
- https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20241209-01_Laravel_Reflected_XSS_via_Request_Parameter_in_Debug-Mode_Error_Page
- http://www.openwall.com/lists/oss-security/2025/03/10/3
Published: 2025-03-10