CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50892 – WordPress TheGem Theme <= 5.9.1 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-50892
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexThemes TheGem - Creative Multi-Purpose & WooCommerce WordPress Theme allows Reflected XSS.This issue affects TheGem - Creative Multi-Purpose & WooCommerce WordPress Theme: from n/a through 5.9.1. La neutralización incorrecta de la entrada durante la generación de páginas web ('Cross-site Scripting') en CodexThemes TheGem - Creative Multi-Purpose & WooCommerce WordPress Theme permite XSS reflejado. Este problema afecta a TheGem - Creative Multi-Purpose & WooCommerce WordPress Theme: desde n/ a hasta 5.9.1. The TheGem theme for WordPress is vulnerable to Reflected Cross-Site Scripting via an unknown parameter in all versions up to, and including, 5.9.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. • https://patchstack.com/database/vulnerability/thegem/wordpress-thegem-theme-5-9-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32238 – TheGem < 5.8.1.1 - Improper Authentication
https://notcve.org/view.php?id=CVE-2023-32238
The TheGem theme for WordPress is vulnerable to improper authentication in versions up to 5.8.1.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unknown action. • CWE-287: Improper Authentication •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32237 – Auth. Stored Cross-Site Scripting (XSS) vulnerability in TheGem theme by CodexThemes
https://notcve.org/view.php?id=CVE-2023-32237
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexThemes TheGem (Elementor), CodexThemes TheGem (WPBakery) allows Stored XSS.This issue affects TheGem (Elementor): from n/a before 5.8.1.1; TheGem (WPBakery): from n/a before 5.8.1.1. Vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('Cross-site Scripting') en CodexThemes TheGem (Elementor), CodexThemes TheGem (WPBakery) permite almacenar XSS. Este problema afecta a TheGem (Elementor): desde n/a antes de 5.8.1.1; TheGem (WPBakery): desde n/a antes de 5.8.1.1. The TheGem theme for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to 5.8.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with subscriber-level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/thegem-elementor/wordpress-thegem-elementor-theme-5-7-2-auth-stored-cross-site-scripting-xss-vulnerability?_s_id=cve https://patchstack.com/database/vulnerability/thegem/wordpress-thegem-wpbakery-theme-5-7-2-authenticated-cross-site-scripting-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •