CVE-2026-1493

LEX Baza Dokumentów is vulnerable to DOM-based XSS in "em" cookie parameter. The application unsafely processes the parameter on the client side, allowing an attacker to execute arbitrary JavaScript in the context of the victim's browser. An attacker with ability to set a cookie can perform a more severe attack, so we evaluate the impact and risk of exploitation as minimal. However, the vendor considered this a vulnerability and released a security patch. This issue was fixed in version 1.3.4.
Configurations

Configuration 1 (hide)

cpe:2.3:a:wolterskluwer:lex_baza_dokumentow:*:*:*:*:*:*:*:*

History

05 May 2026, 00:30

Type Values Removed Values Added
References () https://cert.pl/posts/2026/04/CVE-2025-1493 - () https://cert.pl/posts/2026/04/CVE-2025-1493 - Broken Link
References () https://www.wolterskluwer.com/pl-pl/solutions/lex-baza-dokumentow - () https://www.wolterskluwer.com/pl-pl/solutions/lex-baza-dokumentow - Product
First Time Wolterskluwer lex Baza Dokumentow
Wolterskluwer
CPE cpe:2.3:a:wolterskluwer:lex_baza_dokumentow:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.4

30 Apr 2026, 15:48

Type Values Removed Values Added
New CVE

Information

Published : 2026-04-30 12:16

Updated : 2026-06-17 10:15


NVD link : CVE-2026-1493

Mitre link : CVE-2026-1493

CVE.ORG link : CVE-2026-1493


JSON object : View

Products Affected

wolterskluwer

  • lex_baza_dokumentow
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')