Vulnerabilities > Laravel > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2025-03-10 | CVE-2024-13918 | Cross-site Scripting vulnerability in Laravel Framework. The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of request parameters in the debug-mode error page. | 6.1 |
2025-03-10 | CVE-2024-13919 | Cross-site Scripting vulnerability in Laravel Framework. The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of route parameters in the debug-mode error page. | 6.1 |
2023-04-25 | CVE-2022-40482 | Information Exposure Through Discrepancy vulnerability in Laravel Framework. The authentication method in Laravel 8.x through 9.x before 9.32.0 was discovered to be vulnerable to user enumeration via timeless timing attacks with HTTP/2 multiplexing. | 5.3 |
2021-12-08 | CVE-2021-43808 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in Laravel Framework. Laravel is a web application framework. | 6.1 |
2021-01-19 | CVE-2021-21263 | SQL Injection vulnerability in Laravel. Laravel is a web application framework. | 5.3 |
2017-09-28 | CVE-2017-14775 | Information Exposure vulnerability in Laravel. Laravel before 5.5.10 mishandles the remember_me token verification process because DatabaseUserProvider does not have constant-time token comparison. | 5.9 |
2017-05-29 | CVE-2017-9303 | Improper Input Validation vulnerability in Laravel 5.4.0. Laravel 5.4.x before 5.4.22 does not properly constrain the host portion of a password-reset URL, which makes it easier for remote attackers to conduct phishing attacks by specifying an attacker-controlled host. | 6.1 |