Medium severity5.4NVD Advisory· Published Apr 30, 2026· Updated May 5, 2026

CVE-2026-1493

Description

LEX Baza Dokumentów is vulnerable to DOM-based XSS in "em" cookie parameter. The application unsafely processes the parameter on the client side, allowing an attacker to execute arbitrary JavaScript in the context of the victim's browser. An attacker with ability to set a cookie can perform a more severe attack, so we evaluate the impact and risk of exploitation as minimal. However, the vendor considered this a vulnerability and released a security patch.

This issue was fixed in version 1.3.4.

Affected products

Wolterskluwer/Lex Baza Dokumentow
cpe:2.3:a:wolterskluwer:lex_baza_dokumentow:*:*:*:*:*:*:*:*
Range: <1.3.4

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

cert.pl/posts/2026/04/CVE-2025-1493nvdBroken Link
www.wolterskluwer.com/pl-pl/solutions/lex-baza-dokumentownvdProduct

News mentions

No linked articles in our index yet.

cvss	0.351
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000