PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-22329 Themeum CVE debrief

CVE-2026-22329 is an unauthenticated cross-site scripting (XSS) vulnerability in Skillate versions <= 1.2.10, rated HIGH severity with a CVSS score of 7.1. It was published on June 17, 2026, and last modified on the same day. The vulnerability allows attackers to inject malicious scripts into the application. No further details about the vendor or product are available. Organizations using Skillate versions <= 1.2.10 should take immediate action and prioritize patching or mitigating this vulnerability.

Vendor: Themeum
Product: Skillate
CVSS: HIGH 7.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-17
Original CVE updated: 2026-06-17
Advisory published: 2026-06-17
Advisory updated: 2026-06-17

Who should care

Administrators and users of Skillate versions <= 1.2.10 should be aware of this vulnerability and take necessary actions to secure their systems. Web application security teams and cybersecurity professionals should also be informed about this vulnerability to ensure proper protection measures are in place.

Technical summary

CVE-2026-22329 is an unauthenticated cross-site scripting (XSS) vulnerability in Skillate versions <= 1.2.10. Its CVSS vector is CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L. The vulnerability can be exploited over the network (AV:N) with low attack complexity (AC:L) and no privileges (PR:N), but it requires user interaction (UI:R). The scope is changed (S:C), and the impact on confidentiality, integrity, and availability is low in each case. The CWE associated with this vulnerability is CWE-79.

Defensive priority

High

Recommended defensive actions

  • Update Skillate to a version greater than 1.2.10
  • Implement input validation and output encoding to prevent XSS attacks
  • Use a web application firewall (WAF) to detect and prevent malicious traffic
  • Conduct regular security audits and vulnerability assessments
  • Educate users about the risks of XSS attacks and how to identify suspicious activity

Evidence notes

The information provided is based on data from the National Vulnerability Database (NVD) and Patchstack. The CVE record and NVD detail pages provide additional information about the vulnerability.
