CVE-2024-13919 Information

Description

The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of route parameters in the debug-mode error page.

Reference

http://www.openwall.com/lists/oss-security/2025/03/10/4 https://github.com/laravel/framework/pull/53869 https://github.com/laravel/framework/releases/tag/v11.36.0 https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20241209-02_Laravel_Reflected_XSS_via_Route_Parameter_in_Debug-Mode_Error_Page