CVE-2026-1493: XSS in LEX Baza Dokumentów v1.3.4
Platform: javascript
Component: lex-baza-dokument-w
Fixed in: 1.3.4
CVE-2026-1493 affects LEX Baza Dokumentów, a document base application. The vulnerability is a DOM-based Cross-Site Scripting (XSS) issue located in the "em" cookie parameter. The application fails to properly sanitize this parameter, allowing an attacker to inject and execute arbitrary JavaScript in the victim's browser. The vulnerability is fixed in version 1.3.4.
Impact and Attack Scenarios
An attacker can exploit this XSS vulnerability to execute arbitrary JavaScript code in the context of the victim's browser. This can be used to steal cookies, redirect users to malicious websites, deface the application, or perform other malicious actions. While the vendor considered the impact minimal due to the requirement of setting a cookie, the ability to execute JavaScript remains a significant security risk. The potential for a more severe attack exists if an attacker can successfully set the vulnerable cookie, allowing them to compromise user accounts and potentially gain access to sensitive data stored within the application.
Exploitation Context
CVE-2026-1493 was published on 2026-04-30. The vulnerability is classified as Cross-Site Scripting (XSS). No public exploits are currently known. The vulnerability is not listed on KEV or EPSS. Refer to the vendor's advisory for more information.
Threat Analysis
Exploit status
EPSS: 0.01% (1st percentile)
Mitigation and Workarounds
The primary mitigation is to upgrade LEX Baza Dokumentów to version 1.3.4 or later. Until the upgrade is possible, implement strict input validation and output encoding on the "em" cookie parameter. Consider using a Content Security Policy (CSP) to restrict the sources from which JavaScript can be executed. Regularly scan the application for XSS vulnerabilities using automated tools. After upgrading, confirm the fix by attempting to inject a simple JavaScript payload into the "em" cookie parameter and verifying that it is not executed.
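The validation and output-encoding steps described above, as an added example that is not code from LEX Baza Dokumentów or its vendor. It assumes the "em" value is only ever displayed as text; the function names and the allow-list pattern are hypothetical, since the page does not say what the cookie holds.

```javascript
// Added example: defensive handling of the "em" cookie on the client.
// Assumption: the value is only shown as text. The allow-list below is a
// constructed placeholder policy, not taken from the application.

// Parse a document.cookie-style string ("a=1; b=2") with exact name matching.
function readCookie(cookieString, name) {
  for (const part of cookieString.split(';')) {
    const idx = part.indexOf('=');
    if (idx === -1) continue;
    if (part.slice(0, idx).trim() !== name) continue;
    try {
      return decodeURIComponent(part.slice(idx + 1).trim());
    } catch (e) {
      return null; // malformed percent-encoding: treat the cookie as absent
    }
  }
  return null;
}

// Input validation: accept only a short, conservative character set.
const EM_ALLOWED = /^[A-Za-z0-9._@+-]{1,254}$/; // hypothetical policy

function validateEm(value) {
  return typeof value === 'string' && EM_ALLOWED.test(value) ? value : null;
}

// Output encoding for HTML text and quoted-attribute contexts.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Combined: returns text that is safe to display, or '' when the cookie is rejected.
function safeEmForDisplay(cookieString) {
  const value = validateEm(readCookie(cookieString, 'em'));
  return value === null ? '' : escapeHtml(value);
}

// In the browser, write the result to a text sink:
//   element.textContent = safeEmForDisplay(document.cookie);
// and keep cookie data out of innerHTML, document.write and eval-like sinks.
```

Validation and encoding are layered on purpose: the allow-list rejects markup outright, and the encoder covers any code path that skips validation.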
How to fix
Upgrade to version 1.3.4 or later to mitigate the XSS vulnerability. Make sure to validate and properly escape user-supplied data, especially cookie parameters, before processing it on the client side.
Frequently Asked Questions
What is CVE-2026-1493, the Cross-Site Scripting (XSS) issue in LEX Baza Dokumentów?
It's a DOM-based XSS vulnerability in LEX Baza Dokumentów.
Am I affected by CVE-2026-1493 in LEX Baza Dokumentów?
If you're using LEX Baza Dokumentów versions 0.0.0–1.3.4, you are potentially vulnerable.
How do I fix CVE-2026-1493 in LEX Baza Dokumentów?
Upgrade to version 1.3.4. Implement input validation and output encoding as temporary mitigations.
Is CVE-2026-1493 being actively exploited?
Currently, there are no known public exploits targeting this vulnerability.
Where can I find the official LEX Baza Dokumentów advisory for CVE-2026-1493?
Refer to the vendor's advisory and the NVD entry for CVE-2026-1493.