CVE-2023-48462: 
Adobe Experience Manager vulnerability analysis and mitigation

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. The vulnerability was disclosed on December 15, 2023, and has been assigned CVE-2023-48462. This security issue affects Adobe Experience Manager installations up to version 6.5.18.0 and Adobe Experience Manager Cloud Service versions prior to 2023.11 (NVD).

The vulnerability is classified as a DOM-based Cross-site Scripting (XSS) issue, identified as CWE-79 (Improper Neutralization of Input During Web Page Generation). The vulnerability has been assigned a CVSS v3.1 base score of 5.4 (Medium severity) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. This scoring indicates that the vulnerability requires network access, low attack complexity, low privileges, and user interaction to exploit (NVD).

If successfully exploited, this vulnerability allows a low-privileged attacker to execute malicious JavaScript content within the context of the victim's browser. This occurs when the attacker can convince a victim to visit a URL referencing a vulnerable page (NVD).

Adobe has released security updates to address this vulnerability. Users should upgrade to the latest version of Adobe Experience Manager or Adobe Experience Manager Cloud Service to mitigate this security risk (Adobe Advisory).