Lex Baza Dokument W
Monthly
DOM-based cross-site scripting in LEX Baza Dokumentów through version 1.3.3 allows attackers to execute arbitrary JavaScript in victim browsers via unsafe processing of the 'em' cookie parameter on the client side. Exploitation requires local access and user interaction, and the attacker must have the ability to set a cookie, significantly limiting real-world attack surface. The vendor has released patch version 1.3.4 to address this vulnerability.
DOM-based cross-site scripting in LEX Baza Dokumentów through version 1.3.3 allows attackers to execute arbitrary JavaScript in victim browsers via unsafe processing of the 'em' cookie parameter on the client side. Exploitation requires local access and user interaction, and the attacker must have the ability to set a cookie, significantly limiting real-world attack surface. The vendor has released patch version 1.3.4 to address this vulnerability.