AI description
CVE-2024-13918 is a reflected cross-site scripting (XSS) vulnerability in the Laravel framework, affecting versions between 11.9.0 and 11.35.1. It stems from improper encoding of request parameters in the debug-mode error page. An attacker can place script in a request parameter of a crafted link; when a user clicks that link, the error page reflects the unencoded value back and the user's browser executes it, potentially allowing the attacker to steal sensitive information such as cookies or session tokens, or even take control of the user's account. Version 11.36.0 contains a patch for this vulnerability.
- Description: The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of request parameters in the debug-mode error page.
- Source: 1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a
- NVD status: Analyzed
CVSS 3.1
- Type: Primary
- Base score: 6.1
- Impact score: 2.7
- Exploitability score: 2.8
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- Severity: MEDIUM
- Hype score: Not currently trending
Laravel under the blade of XSS attacks: the CVE-2024-13918 and CVE-2024-13919 flaws threaten user security! #Cyber_Security_News #اخبار_امنیت_سایبری #CVE_2024_13919 #CVE_2024_13918 #Laravel #لاراول #Reflected_XSS https://t.co/oP44FwBlau
@vulnerbyte
20 Mar 2025
Two serious XSS vulnerabilities in the PHP framework Laravel (CVE-2024-13918, CVE-2024-13919) #セキュリティ対策Lab #セキュリティ #Security https://t.co/OSR999chdU
@securityLab_jp
18 Mar 2025
⚠️ The PHP framework Laravel reportedly has reflected XSS vulnerabilities - CVE-2024-13918, CVE-2024-13919 - Affected versions: 11.9.0 - 11.35.1 - Caused by request parameters being embedded in the response without escaping on the error page in debug mode
@pinkumohikan
17 Mar 2025
🚨CVE-2024-13918, -13919: XSS in Laravel Framework, 8.0 rating Critical vulnerabilities have been discovered in Laravel Framework that allow an attacker to execute code in the victim's browser via Reflected XSS if the victim clicks a malicious link. -… h
@Cyph3R_CyberSec
17 Mar 2025
CVE-2024-13918, -13919: XSS in Laravel Framework, 8.0 rating❗️ Vulns allow an attacker to execute code in the victim's browser via Reflected XSS. More than 770k instances at https://t.co/hv7QKSqxTR: 👉 Link: https://t.co/SWR2GQWtLX #cybersecurity #vulnerability_map #laravel ht
@Netlas_io
17 Mar 2025
Laravel Framework Vulnerable to Reflected XSS Attacks (CVE-2024-13918 & CVE-2024-13919) These vulnerabilities allow attackers to execute malicious scripts via crafted URLs, posing a significant risk to web applications. https://t.co/SfqBhCjyml #Cybersecurity #XSS #Laravel
@adriananglin
17 Mar 2025
Laravel Framework Vulnerable to Reflected XSS Attacks (CVE-2024-13918 & CVE-2024-13919) CVE-2024-13918 and CVE-2024-13919 affect #Laravel versions between 11.9.0 and 11.35.1 and could allow attackers to execute arbitrary #JavaScript code https://t.co/zHpWuRKt0R
@the_yellow_fall
17 Mar 2025
A new XSS-type vulnerability in the Laravel framework was recently published. This vulnerability has the identifier CVE-2024-13918, and versions 11.9.0 and 11.35.1 of this framework are affected by it. https://t.co/Poz3aKY03t https://t.co/pCyoDUh22a
@AmirHossein_sec
15 Mar 2025
A new XSS-type vulnerability in the Laravel framework was recently published. This vulnerability has the identifier CVE-2024-13918, and versions 11.9.0 and 11.35.1 of this framework are affected by it. To prevent and counter this threat, update to version 11.36.0 or later. h
@cybernetic_cy
13 Mar 2025
A few months ago, @ffabs98 from @SBA_Research and I discovered independently two reflected #XSS vulnerabilities in the #laravel framework ( < v11.36.0 ) when APP_DEBUG is enabled. CVE-2024-13918 CVE-2024-13919
@angelej_dev
12 Mar 2025
CVE-2024-13918 The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of request parameters in the d… https://t.co/THINmopi6K
@CVEnew
10 Mar 2025
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:laravel:framework:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A2A8A0BE-A7AA-4DA2-8A67-227CBBA94C18",
            "versionEndExcluding": "11.36.0",
            "versionStartIncluding": "11.9.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]