CVE-2026-42410

· NIST NVD ↗

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexThemes TheGem Theme Elements (for Elementor) allows DOM-Based XSS.This issue affects TheGem Theme Elements (for Elementor): from n/a before 5.12.1.1.

MEDIUM
CVSS severity
6.5
CVSS base score
2026-04-27
Published

CWE codes

CWE-79

Sources