CVE-2024-13918

HIGH
Cross-site Scripting (XSS) (CWE-79)
2025-03-10 1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a GHSA-546h-56qp-8jmw
XSS
8.0
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
High
Availability
None

Lifecycle Timeline

4
Analysis Generated
Mar 12, 2026 - 19:50 vuln.today
PoC Detected
Mar 24, 2025 - 14:15 vuln.today
Public exploit code
Patch released
Mar 24, 2025 - 14:15 nvd
Patch available
CVE Published
Mar 10, 2025 - 10:15 nvd
HIGH 8.0

DescriptionNVD

The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of request parameters in the debug-mode error page.

AnalysisAI

The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of request parameters in the debug-mode error page. [CVSS 8.0 HIGH]

Technical ContextAI

Classified as CWE-79 (Cross-site Scripting (XSS)). The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of request parameters in the debug-mode error page.

Affected ProductsAI

The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of request par

RemediationAI

A vendor patch is available — apply it immediately. Implement output encoding and Content Security Policy headers. Restrict network access to the affected service where possible.

Share

CVE-2024-13918 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy