CVE-2024-13919

Summary

The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of route parameters in the debug-mode error page.

Affected Software

VendorProductVersion RangeStatus
Laravel Holdings Inc.Laravel Framework11.9.0 <= 11.35.1affected

Weaknesses

  • CWE-79: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')

Workarounds

Ensure that the application does not run in debug-mode by setting APP_DEBUG=false in your configuration.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References