CVE-2023-48468: 
Adobe Experience Manager vulnerability analysis and mitigation

Adobe Experience Manager (AEM) versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability identified as CVE-2023-48468. The vulnerability was disclosed on December 15, 2023, and affects both AEM on-premise installations and cloud services (Adobe Advisory).

The vulnerability is classified as a DOM-based Cross-site Scripting (XSS) issue. It has been assigned a CVSS v3.1 base score of 5.4 (Medium), with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. This indicates that the vulnerability requires low privileges and user interaction to exploit, with potential impact on confidentiality and integrity (NVD).

If successfully exploited, this vulnerability allows a low-privileged attacker to execute malicious JavaScript code within the context of the victim's browser when the victim visits a URL referencing a vulnerable page. This could potentially lead to unauthorized access to sensitive information or manipulation of browser content (Adobe Advisory).

Adobe has released security updates to address this vulnerability. Users are advised to update to the latest version of Adobe Experience Manager. For cloud service users, the fix is included in version 2023.11 and later (Adobe Advisory).