CVE-2026-1493
Status: Analyzed - Analysis Complete
DOM-based XSS in LEX Baza Dokumentów

Publication date: 2026-04-30

Last updated on: 2026-05-05

Assigner: CERT.PL

Description
LEX Baza Dokumentów is vulnerable to DOM-based XSS in the "em" cookie parameter. The application unsafely processes the parameter on the client side, allowing an attacker to execute arbitrary JavaScript in the context of the victim's browser. An attacker with the ability to set a cookie can perform a more severe attack, so we evaluate the impact and risk of exploitation as minimal. However, the vendor considered this a vulnerability and released a security patch. This issue was fixed in version 1.3.4.
Meta Information
Published: 2026-04-30
Last Modified: 2026-05-05
Generated: 2026-06-16
AI Q&A: 2026-04-30
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Showing 1 associated CPE
Vendor: wolterskluwer
Product: lex_baza_dokumentow
Version / Range: up to 1.3.4 (exclusive)
CWE ID: CWE-79
Description: The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Executive Summary

LEX Baza Dokumentów has a vulnerability related to DOM-based Cross-Site Scripting (XSS) in the "em" cookie parameter. This means that the application processes this cookie parameter unsafely on the client side, which allows an attacker to execute arbitrary JavaScript code within the victim's browser context.

An attacker who is able to set a cookie can already perform a more severe attack, so the description evaluates the impact and risk of exploitation as minimal. The vendor nevertheless considered this a vulnerability and released a security patch; the issue was fixed in version 1.3.4 of the software.

Impact Analysis

This vulnerability allows an attacker to execute arbitrary JavaScript in the context of a victim's browser if they can set the "em" cookie parameter. This could lead to actions such as stealing session information, manipulating the user interface, or performing unauthorized actions on behalf of the user.

However, since the attacker needs the ability to set the cookie, the risk and impact are evaluated as minimal. Still, exploitation could lead to security issues on the client side, potentially compromising user data or session integrity.

Mitigation Strategies

The vulnerability in LEX Baza Dokumentów related to DOM-based XSS in the "em" cookie parameter was fixed in version 1.3.4.

To mitigate this vulnerability, you should immediately update your LEX Baza Dokumentów installation to version 1.3.4 or later.

Compliance Impact

The provided information does not specify how the DOM-based XSS vulnerability in LEX Baza Dokumentów impacts compliance with common standards and regulations such as GDPR or HIPAA.
