The Laravel framework versions between 11.9.0 and 11.35.1 are susceptible to reflected cross-site scripting due to an improper encoding of request parameters in the debug-mode error page.
{ "github_reviewed_at": "2025-03-10T20:21:10Z", "github_reviewed": true, "nvd_published_at": "2025-03-10T10:15:10Z", "cwe_ids": [ "CWE-79" ], "severity": "MODERATE" }