CVE-2024-13918— Laravel Reflected XSS via Request Parameter in Debug-Mode Error Page

CVSS 8.0 · High EPSS 1.05% · P78 Updated Mar 11, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-13918

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Laravel Reflected XSS via Request Parameter in Debug-Mode Error Page

Source: NVD (National Vulnerability Database)

Vulnerability Description

The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of request parameters in the debug-mode error page.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

Source: NVD (National Vulnerability Database)

Vulnerability Title

Laravel Framework 跨站脚本漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Laravel Framework是Taylor Otwell个人开发者的一款基于PHP的Web应用程序开发框架。 Laravel Framework 11.9.0至11.35.1版本存在安全漏洞，该漏洞源于调试模式错误页面对请求参数编码不当，可能导致反射型跨站脚本。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Laravel Holdings Inc.	Laravel Framework	11.9.0 ~ 11.35.1	-

II. Public POCs for CVE-2024-13918

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2024-13918

请登录查看更多情报信息。

IV. Related Vulnerabilities

Same product: Laravel Framework

CVE-2024-13919
Laravel Reflected XSS via Route Parameter in Debug-Mode Erro

Same vendor: Laravel Holdings Inc.

Same weakness: CWE-79

V. Comments for CVE-2024-13918

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2024-13918— Laravel Reflected XSS via Request Parameter in Debug-Mode Error Page

I. Basic Information for CVE-2024-13918

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2024-13918

III. Intelligence Information for CVE-2024-13918

IV. Related Vulnerabilities

V. Comments for CVE-2024-13918

Leave a comment