CVE-2023-48482: 
Adobe Experience Manager vulnerability analysis and mitigation

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. The vulnerability was disclosed on December 15, 2023, and has been assigned CVE-2023-48482 (NVD, Adobe Advisory).

The vulnerability is classified as a DOM-based Cross-site Scripting (XSS) issue with a CVSS v3.1 base score of 5.4 (Medium). The vulnerability is tracked under CWE-79 (Improper Neutralization of Input During Web Page Generation). The attack requires a low level of privileges and user interaction, as indicated by the CVSS vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N (Adobe Advisory).

If successfully exploited, this vulnerability allows malicious JavaScript content to be executed within the context of the victim's browser when they visit a URL referencing a vulnerable page. The impact is limited to low confidentiality and integrity breaches, with no impact on availability (NVD).

Adobe has addressed this vulnerability in versions after 6.5.18. Users are advised to update to the latest version of Adobe Experience Manager to mitigate this security issue (Adobe Advisory).