CVE-2023-48473: 
Adobe Experience Manager vulnerability analysis and mitigation

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability identified as CVE-2023-48473. The vulnerability was disclosed on December 15, 2023, and affects Adobe Experience Manager's web interface (NVD).

The vulnerability is classified as a DOM-based Cross-site Scripting (XSS) issue with a CVSS v3.1 Base Score of 5.4 (Medium). The attack vector requires network access (AV:N), low attack complexity (AC:L), low privileges (PR:L), and user interaction (UI:R). The scope is changed (S:C) with low confidentiality and integrity impacts (C:L, I:L) and no availability impact (A:N) (NVD).

If successfully exploited, this vulnerability allows a low-privileged attacker to execute malicious JavaScript content within the context of the victim's browser when they visit a URL referencing a vulnerable page. This could potentially lead to unauthorized access to user data and manipulation of browser content (NVD).

Adobe has released security updates to address this vulnerability. Users are advised to update their Adobe Experience Manager installations to versions newer than 6.5.18 (Adobe Advisory).