Cross-Site Scripting in LEX Baza Dokumentów_CVE-2026-1493

4.6 / 10

MEDIUM

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Description

LEX Baza Dokumentów is vulnerable to DOM-based XSS in "em" cookie parameter. The application unsafely
processes the parameter on the client side, allowing an attacker to execute arbitrary
JavaScript in the context of the victim's browser.
An attacker with ability to set a cookie can perform a more severe attack, so we evaluate the impact and risk of exploitation as minimal. However, the vendor considered this a vulnerability and released a security patch.

This issue was fixed in version 1.3.4.

Basic Information

ID CVE-2026-1493

Source CERT-PL

Published Apr 30, 2026 at 11:24

Affected Product

Vendor Wolters Kluwer Polska

Product LEX Baza Dokumentów

Affected Versions Wolters Kluwer Polska LEX Baza Dokumentów 0

CWE Classification

CWE-79

References

{
    "lastseen": "",
    "description": "LEX Baza Dokument\u00f3w is vulnerable to DOM-based XSS in \"em\"\u00a0cookie parameter.\u00a0The application unsafely\nprocesses the parameter on the client side, allowing an attacker to execute arbitrary\nJavaScript in the context of the victim's browser.\nAn attacker with ability to set a cookie can perform a more severe attack, so we evaluate the impact and risk of exploitation as minimal. However, the vendor considered this a vulnerability and released a security patch.\n\nThis issue was fixed in version 1.3.4.",
    "published": "2026-04-30T11:24:30.615Z",
    "modified": "2026-04-30T11:24:30.615Z",
    "type": "cve",
    "title": "Cross-Site Scripting in LEX Baza Dokument\u00f3w",
    "source": "CERT-PL",
    "references": "https://www.wolterskluwer.com/pl-pl/solutions/lex-baza-dokumentow\nhttps://cert.pl/posts/2026/04/CVE-2025-1493",
    "id": "CVE-2026-1493",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79"
    ],
    "cvelist": null,
    "sourceData": "Wolters Kluwer Polska LEX Baza Dokument\u00f3w 0",
    "sourceHref": "",
    "cvss": {
        "score": 4.6,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "LEX Baza Dokument\u00f3w",
    "version": "0",
    "vendor": "Wolters Kluwer Polska",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}