DOM-Based XSS Vulnerability in Lex Baza Dokumentów by Wolters Kluwer
CVE-2026-1493

4.6MEDIUM

Key Information:

Vendor: Wolters Kluwer Polska
Status: Lex Baza Dokumentów
Vendor: CVE Published:; 30 April 2026

🔔 Create Wolters Kluwer Polska Vulnerability Alert

What is CVE-2026-1493?

Lex Baza Dokumentów contains a vulnerability that allows for DOM-based Cross-Site Scripting (XSS) via the 'em' cookie parameter. The application improperly processes this parameter on the client side, which could enable attackers to execute arbitrary JavaScript within the victim's browser session. Although the potential for severe attacks exists for those able to set cookies, the vendor has issued a security patch, addressing this issue in version 1.3.4 to mitigate any related risks.

Affected Version(s)

LEX Baza Dokumentów 0 < 1.3.4

References

https://www.wolterskluwer.com/pl-pl/solutions/lex-baza-do...

product

https://cert.pl/posts/2026/04/CVE-2025-1493

third-party-advisory

CVSS V4

Score:

4.6

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 30, 2026
Vulnerability Reserved
Jan 27, 2026

Credit

Marek Figielski (Vanilla.pl)

CVE-2026-1493 Data

JSON