CVE-2023-48445: 
Adobe Experience Manager vulnerability analysis and mitigation

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. The vulnerability was disclosed on December 15, 2023, and has been assigned CVE-2023-48445. This security issue affects the Adobe Experience Manager platform, a widely-used content management solution (NVD CVE).

The vulnerability is classified as a DOM-based Cross-site Scripting (XSS) issue with a CVSS v3.1 Base Score of 5.4 (Medium severity). The attack vector is characterized as network-accessible (AV:N) with low attack complexity (AC:L), requiring low privileges (PR:L) and user interaction (UI:R). The scope is changed (S:C) with low impacts on confidentiality (C:L) and integrity (I:L), but no impact on availability (A:N) (NVD CVE).

If successfully exploited, this vulnerability allows malicious JavaScript content to be executed within the context of the victim's browser. The execution occurs when a victim visits a URL referencing a vulnerable page, potentially leading to unauthorized access to user data or manipulation of the web interface (NVD CVE).

Adobe has released security updates to address this vulnerability. Users are advised to update their Adobe Experience Manager installations to versions newer than 6.5.18 (Adobe Advisory).