LEX Baza Dokumentów is vulnerable to DOM-based XSS in "em" cookie parameter. The application unsafely
processes the parameter on the client side, allowing an attacker to execute arbitrary
JavaScript in the context of the victim's browser.
An attacker with ability to set a cookie can perform a more severe attack, so we evaluate the impact and risk of exploitation as minimal. However, the vendor considered this a vulnerability and released a security patch.
This issue was fixed in version 1.3.4.
References
| Link | Resource |
|---|---|
| https://cert.pl/posts/2026/04/CVE-2025-1493 | Broken Link |
| https://www.wolterskluwer.com/pl-pl/solutions/lex-baza-dokumentow | Product |
Configurations
History
05 May 2026, 00:30
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://cert.pl/posts/2026/04/CVE-2025-1493 - Broken Link | |
| References | () https://www.wolterskluwer.com/pl-pl/solutions/lex-baza-dokumentow - Product | |
| First Time |
Wolterskluwer lex Baza Dokumentow
Wolterskluwer |
|
| CPE | cpe:2.3:a:wolterskluwer:lex_baza_dokumentow:*:*:*:*:*:*:*:* | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
30 Apr 2026, 15:48
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-04-30 12:16
Updated : 2026-06-17 10:15
NVD link : CVE-2026-1493
Mitre link : CVE-2026-1493
CVE.ORG link : CVE-2026-1493
JSON object : View
Products Affected
wolterskluwer
- lex_baza_dokumentow
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
