CVE-2023-22260: 
Adobe Experience Manager vulnerability analysis and mitigation

Adobe Experience Manager versions 6.5.15.0 and earlier are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability, identified as CVE-2023-22260. The vulnerability was discovered and assigned on December 19, 2022, with public disclosure occurring on March 14, 2023. This security issue affects Adobe Experience Manager and Adobe Experience Manager Cloud Service installations (Adobe Advisory, NVD).

The vulnerability is classified as CWE-601 (URL Redirection to Untrusted Site). It has been assigned a CVSS v3.1 base score of 5.4 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. This scoring indicates that the vulnerability requires network access, low attack complexity, low privileges, and user interaction for successful exploitation (NVD).

When exploited, this vulnerability allows a low-privilege authenticated attacker to redirect users to malicious websites. The impact is considered moderate as it requires user interaction and can potentially lead to information disclosure and security feature bypass (Adobe Advisory).

Adobe has addressed this vulnerability in Experience Manager version 6.5.16.0 and Experience Manager Cloud Service version 2023.1.0. Users are advised to update to these or later versions to mitigate the risk (NVD).