CVE-2023-48447: 
Adobe Experience Manager vulnerability analysis and mitigation

Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. The vulnerability was discovered and disclosed on December 15, 2023, and affects Adobe Experience Manager's web application functionality (NVD).

This is a reflected Cross-Site Scripting (XSS) vulnerability (CWE-79) that requires low privileges to exploit. The vulnerability has been assigned a CVSS v3.1 base score of 5.4 (Medium) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. This indicates that the vulnerability is network-accessible, requires low attack complexity, low privileges, and user interaction for successful exploitation (NVD).

If successfully exploited, this vulnerability allows malicious JavaScript content to be executed within the context of the victim's browser when they visit a URL referencing a vulnerable page. The impact is rated as having low confidentiality and integrity impacts, with no impact on availability (NVD).

Adobe has released security updates to address this vulnerability. Users should upgrade to the latest version of Adobe Experience Manager to mitigate this security risk (Adobe Advisory).