CVE-2023-48460: 
Adobe Experience Manager vulnerability analysis and mitigation

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability, identified as CVE-2023-48460. The vulnerability was disclosed on December 15, 2023, and affects Adobe Experience Manager software versions up to and including 6.5.18.0 (NVD).

This is a DOM-based Cross-site Scripting (XSS) vulnerability with a CVSS v3.1 Base Score of 5.4 (Medium). The vulnerability is characterized by the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, indicating that it requires network access, low attack complexity, low privileges, and user interaction. The vulnerability is classified under CWE-79 (Improper Neutralization of Input During Web Page Generation) (NVD).

If successfully exploited, this vulnerability allows malicious JavaScript content to be executed within the context of the victim's browser. The impact is considered medium severity, with potential for limited confidentiality and integrity breaches (NVD).

Adobe has released security updates to address this vulnerability. Users are advised to update to the latest version of Adobe Experience Manager. The fix is available through Adobe's security bulletin APSB23-72 (Adobe Advisory).