CVE-2023-48458: 
Adobe Experience Manager vulnerability analysis and mitigation

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. The vulnerability was discovered and disclosed on December 15, 2023, and affects Adobe Experience Manager software (NVD).

This is a DOM-based Cross-site Scripting (XSS) vulnerability classified as CWE-79 (Improper Neutralization of Input During Web Page Generation). The vulnerability has a CVSS v3.1 Base Score of 5.4 (Medium) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. This indicates network accessibility, low attack complexity, required low privileges, and user interaction, with changed scope and low impacts on confidentiality and integrity (NVD).

If successfully exploited, this vulnerability allows malicious JavaScript content to be executed within the context of the victim's browser. The impact is characterized by low severity effects on both confidentiality and integrity, with no impact on availability (NVD).

Adobe has released security updates to address this vulnerability. Users should update their Adobe Experience Manager installations to versions newer than 6.5.18 (Adobe Security Bulletin).