CVE-2023-48450: 
Adobe Experience Manager vulnerability analysis and mitigation

CVE-2023-48450 is a Cross-site Scripting (DOM-based XSS) vulnerability affecting Adobe Experience Manager versions 6.5.18 and earlier. The vulnerability was disclosed on December 15, 2023, and has been assigned a CVSS v3.1 base score of 5.4 (Medium) (NVD).

The vulnerability is classified as a DOM-based Cross-site Scripting (CWE-79) issue. It has a CVSS v3.1 vector string of CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, indicating network accessibility, low attack complexity, low privileges required, user interaction required, changed scope, and low impact on confidentiality and integrity with no impact on availability (NVD).

If successfully exploited, this vulnerability allows a low-privileged attacker to execute malicious JavaScript content within the context of the victim's browser when the victim visits a URL referencing a vulnerable page. This can lead to compromised confidentiality and integrity of the user's browser session (NVD).

Adobe has released security updates to address this vulnerability. Users should upgrade to the latest version of Adobe Experience Manager beyond version 6.5.18 (Adobe Advisory).