AI description
CVE-2024-13919 is a reflected cross-site scripting (XSS) vulnerability in the Laravel framework, affecting versions 11.9.0 through 11.35.1. It stems from improper encoding of route parameters in the debug-mode error page. When Laravel's debug mode is enabled, the error page displays detailed diagnostics, including the values of request and route parameters. Because these values are not properly encoded, attacker-controlled input supplied in a route parameter is reflected into the page unescaped, and the victim's browser may execute arbitrary JavaScript when rendering it. Exploitation requires user interaction: an attacker would have to get a user to open a crafted link to an application running with debug mode enabled.
- Description: The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of route parameters in the debug-mode error page.
- Source: 1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a
- NVD status: Analyzed
CVSS 3.1
- Type: Primary
- Base score: 6.1
- Impact score: 2.7
- Exploitability score: 2.8
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- Severity: MEDIUM
- Hype score: Not currently trending
Laravel under the knife of XSS attacks: the CVE-2024-13918 and CVE-2024-13919 flaws threaten user security! #Cyber_Security_News #اخبار_امنیت_سایبری #CVE_2024_13919 #CVE_2024_13918 #Laravel #لاراول #Reflected_XSS https://t.co/oP44FwBlau
@vulnerbyte
20 Mar 2025
22 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Two critical XSS vulnerabilities (CVE-2024-13918, CVE-2024-13919) in the PHP framework Laravel #セキュリティ対策Lab #セキュリティ #Security https://t.co/OSR999chdU
@securityLab_jp
18 Mar 2025
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ The PHP framework Laravel reportedly has reflected XSS vulnerabilities - CVE-2024-13918, CVE-2024-13919 - Affected versions: 11.9.0 - 11.35.1 - Caused by request parameters being embedded in the response without escaping on the error page when debug mode is enabled
@pinkumohikan
17 Mar 2025
10027 Impressions
18 Retweets
80 Likes
26 Bookmarks
1 Reply
2 Quotes
Laravel Framework Vulnerable to Reflected XSS Attacks (CVE-2024-13918 & CVE-2024-13919) These vulnerabilities allow attackers to execute malicious scripts via crafted URLs, posing a significant risk to web applications. https://t.co/SfqBhCjyml #Cybersecurity #XSS #Laravel
@adriananglin
17 Mar 2025
12 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Laravel Framework Vulnerable to Reflected XSS Attacks (CVE-2024-13918 & CVE-2024-13919) CVE-2024-13918 and CVE-2024-13919 affect #Laravel versions between 11.9.0 and 11.35.1 and could allow attackers to execute arbitrary #JavaScript code https://t.co/zHpWuRKt0R
@the_yellow_fall
17 Mar 2025
54 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A few months ago, @ffabs98 from @SBA_Research and I independently discovered two reflected #XSS vulnerabilities in the #laravel framework (< v11.36.0) when APP_DEBUG is enabled. CVE-2024-13918 CVE-2024-13919
@angelej_dev
12 Mar 2025
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
csirt_it: ‼️ #Laravel: a #PoC for exploiting CVE-2024-13919 is available Risk: 🟠 Type: 🔸Data Manipulation 🔸 Information Leakage 🔗 https://t.co/PJ9k6A1zl1 🔄 Updates available 🔄 https://t.co/bnuDZXaokE
@Vulcanux_
12 Mar 2025
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-13919 The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of route parameters in the deb… https://t.co/z5lPKrSMpv
@CVEnew
10 Mar 2025
420 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:laravel:framework:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A2A8A0BE-A7AA-4DA2-8A67-227CBBA94C18",
            "versionEndExcluding": "11.36.0",
            "versionStartIncluding": "11.9.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]