{ "id": "CVE-2024-13919", "sourceIdentifier": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a", "published": "2025-03-10T10:15:13.890", "lastModified": "2025-03-10T17:15:34.540", "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of route parameters in the debug-mode error page." }, { "lang": "es", "value": "Las versiones del framework Laravel entre 11.9.0 y 11.35.1 son susceptibles a cross-site scripting reflejado debido a una codificaci\u00f3n incorrecta de los par\u00e1metros de ruta en la p\u00e1gina de error del modo de depuraci\u00f3n." } ], "metrics": { "cvssMetricV31": [ { "source": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a", "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N", "baseScore": 8.0, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE" }, "exploitabilityScore": 1.6, "impactScore": 5.8 } ] }, "weaknesses": [ { "source": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a", "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-79" } ] } ], "references": [ { "url": "https://github.com/laravel/framework/pull/53869", "source": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a" }, { "url": "https://github.com/laravel/framework/releases/tag/v11.36.0", "source": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a" }, { "url": "https://github.com/sbaresearch/advisories/tree/public/2024/SBA-ADV-20241209-02_Laravel_Reflected_XSS_via_Route_Parameter_in_Debug-Mode_Error_Page", "source": "1e3a9e0f-5156-4bf8-b8a3-cc311bfc0f4a" }, { "url": "http://www.openwall.com/lists/oss-security/2025/03/10/4", "source": "af854a3a-2127-422b-91ae-364da2661108" } ] }