Summary: Security researchers have identified two reflected XSS vulnerabilities in the Laravel framework, affecting versions 11.9.0 to 11.35.1. These vulnerabilities, tracked as CVE-2024-13918 and CVE-2024-13919, could allow attackers to execute arbitrary JavaScript in a user's browser. A patch has been released in version 11.36.0, and users are encouraged to upgrade.
Affected: Laravel framework (versions 11.9.0 to 11.35.1)
Key points:
- Two reflected cross-site scripting (XSS) vulnerabilities discovered in Laravel.
- Improper encoding of request and route parameters in debug-mode error pages allows code injection.
- A patch is available in version 11.36.0; users should upgrade or disable debug mode to reduce risk.
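To illustrate the defect class the advisory describes (untrusted request and route parameters reflected into a debug-mode error page without HTML encoding) alongside the two mitigations it names, here is an added PHP example; it is not Laravel's code, and the function names and sample values are constructed for illustration.

```php
<?php
// Added illustration (not Laravel's code): a minimal debug error page that
// reflects the request path and route parameters, first unencoded (the
// pattern behind the advisory's finding), then with proper HTML encoding.

// Encode a value for safe insertion into HTML text or attribute context.
function encodeForHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Vulnerable pattern: untrusted input interpolated straight into the markup.
function renderDebugPageUnsafe(string $path, array $routeParams): string
{
    $rows = '';
    foreach ($routeParams as $name => $value) {
        $rows .= "<tr><td>{$name}</td><td>{$value}</td></tr>";
    }
    return "<h1>Error on {$path}</h1><table>{$rows}</table>";
}

// Hardened pattern: every untrusted value is encoded before it reaches the page.
function renderDebugPageSafe(string $path, array $routeParams): string
{
    $rows = '';
    foreach ($routeParams as $name => $value) {
        $rows .= '<tr><td>' . encodeForHtml((string) $name) . '</td><td>'
               . encodeForHtml((string) $value) . '</td></tr>';
    }
    return '<h1>Error on ' . encodeForHtml($path) . '</h1><table>' . $rows . '</table>';
}

// Defence in depth: detailed debug pages must never be served in production,
// whatever the encoding does (mirrors APP_ENV / APP_DEBUG in a Laravel .env).
function debugModeIsAcceptable(string $appEnv, bool $appDebug): bool
{
    return $appEnv !== 'production' || $appDebug === false;
}

// Constructed sample input carrying markup that must not survive as markup.
$path   = '/users/<script>alert(1)</script>';
$params = ['id' => '<b>42</b>'];

$unsafe = renderDebugPageUnsafe($path, $params);
$safe   = renderDebugPageSafe($path, $params);
echo (str_contains($unsafe, '<script>') ? 'unsafe: markup reflected' : 'unsafe: ok'), PHP_EOL;
echo (str_contains($safe, '&lt;script&gt;') && !str_contains($safe, '<script>')
      ? 'safe: markup encoded' : 'safe: FAILED'), PHP_EOL;
echo (debugModeIsAcceptable('production', true) ? 'config ok' : 'config: debug on in production'), PHP_EOL;
```

Running it prints that the unsafe renderer reflects the `<script>` tag verbatim while the hardened one emits `&lt;script&gt;`, and that a production environment with debug enabled is flagged regardless of encoding.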