id: laravel-ignition-xss info: name: Laravel Ignition XSS author: 0x_Akoko severity: medium description: | Laravel's Ignition contains a cross-site scripting vulnerability when debug mode is enabled. remediation: | Disable Laravel's debug mode by setting APP_DEBUG to false. reference: - https://www.acunetix.com/vulnerabilities/web/laravel-ignition-reflected-cross-site-scripting/ - https://github.com/facade/ignition/issues/273 tags: laravel,xss,ignition requests: - method: GET path: - "{{BaseURL}}/_ignition/scripts/-->" matchers-condition: and matchers: - type: word part: body words: - "Undefined index: --> in file" - type: word part: header words: - "text/html" - type: status status: - 500