Description

LEX Baza Dokumentów is vulnerable to DOM-based XSS in "em" cookie parameter. The application unsafely processes the parameter on the client side, allowing an attacker to execute arbitrary JavaScript in the context of the victim's browser. An attacker with ability to set a cookie can perform a more severe attack, so we evaluate the impact and risk of exploitation as minimal. However, the vendor considered this a vulnerability and released a security patch. This issue was fixed in version 1.3.4.

INFO

Published Date :

2026-04-30T11:24:30.615Z

Last Modified :

2026-04-30T13:04:44.255Z

Source :

CERT-PL
AFFECTED PRODUCTS

The following products are affected by CVE-2026-1493 vulnerability.

Vendors Products
Wolters Kluwer Polska
  • Lex Baza Dokumentów
Wolterskluwer
  • Lex Baza Dokumentow
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-1493.

URL Resource
https://cert.pl/posts/2026/04/CVE-2025-1493 cve-icon cve-icon
https://www.wolterskluwer.com/pl-pl/solutions/lex-baza-dokumentow cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact