CVE-2026-1493
Analyzed - Analysis Complete
DOM-based XSS in LEX Baza Dokumentów

Publication date: 2026-04-30

Last updated on: 2026-05-05

Assigner: CERT.PL

Description
LEX Baza Dokumentów is vulnerable to DOM-based XSS in the "em" cookie parameter. The application unsafely processes the parameter on the client side, allowing an attacker to execute arbitrary JavaScript in the context of the victim's browser. An attacker with the ability to set a cookie can perform a more severe attack, so we evaluate the impact and risk of exploitation as minimal. However, the vendor considered this a vulnerability and released a security patch. This issue was fixed in version 1.3.4.
Meta Information
Published: 2026-04-30
Last Modified: 2026-05-05
Generated: 2026-05-07
AI Q&A: 2026-04-30
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Vendor: wolterskluwer
Product: lex_baza_dokumentow
Version / Range: to 1.3.4 (exclusive)
CWE ID: CWE-79
Description: The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
AI Powered Q&A
Can you explain this vulnerability to me?

LEX Baza Dokumentów has a vulnerability related to DOM-based Cross-Site Scripting (XSS) in the "em" cookie parameter. This means that the application processes this cookie parameter unsafely on the client side, which allows an attacker to execute arbitrary JavaScript code within the victim's browser context.

An attacker who is able to set this cookie can already perform a more severe attack, so the impact and risk of exploitation are evaluated as minimal. The vendor nevertheless considered this a vulnerability, and it was fixed in version 1.3.4 of the software.


How can this vulnerability impact me?

This vulnerability allows an attacker to execute arbitrary JavaScript in the context of a victim's browser if they can set the "em" cookie parameter. This could lead to actions such as stealing session information, manipulating the user interface, or performing unauthorized actions on behalf of the user.

However, since the attacker needs the ability to set the cookie, the risk and impact are evaluated as minimal. Still, exploitation could lead to security issues on the client side, potentially compromising user data or session integrity.


What immediate steps should I take to mitigate this vulnerability?

The vulnerability in LEX Baza Dokumentów related to DOM-based XSS in the "em" cookie parameter was fixed in version 1.3.4.

To mitigate this vulnerability, you should immediately update your LEX Baza Dokumentów installation to version 1.3.4 or later.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The provided information does not specify how the DOM-based XSS vulnerability in LEX Baza Dokumentów impacts compliance with common standards and regulations such as GDPR or HIPAA.

