CVE-2026-22329 is an unauthenticated Cross-Site Scripting (XSS) vulnerability affecting Themeum Skillate versions up to 1.2.10. The issue is due to improper neutralization of input during web page generation (CWE-79), which allows attackers to inject malicious scripts that can execute in the context of the victim's browser. The vulnerability has a CVSS 3.1 score of 7.1 with vector AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L, indicating network attack vector, low attack complexity, no privileges required, user interaction required, scope changed, and partial impact on confidentiality, integrity, and availability. No vendor advisory or patch information is currently available.

Successful exploitation of this vulnerability could allow an unauthenticated attacker to execute arbitrary scripts in the context of the affected web application, potentially leading to partial disclosure of sensitive information, modification of data, and disruption of availability. The scope is changed, meaning the vulnerability can affect components beyond the initially vulnerable component.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, consider applying input validation and output encoding as temporary mitigations to reduce the risk of XSS. Monitor official Themeum communications for updates on patches or mitigations.