CVE-2023-48484: 
Adobe Experience Manager vulnerability analysis and mitigation

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. The vulnerability was discovered and disclosed on December 15, 2023, and affects Adobe Experience Manager and Adobe Experience Manager Cloud Service versions up to 2023.11 (NVD).

This is a DOM-based Cross-site Scripting (XSS) vulnerability with a CVSS v3.1 base score of 5.4 (Medium). The vulnerability is identified as CWE-79 (Improper Neutralization of Input During Web Page Generation). The attack vector is network-based (AV:N) with low attack complexity (AC:L), requiring low privileges (PR:L) and user interaction (UI:R). The scope is changed (S:C) with low impact on confidentiality (C:L) and integrity (I:L), and no impact on availability (A:N) (NVD).

If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. This could potentially lead to unauthorized access to user data or manipulation of the web application's content (NVD).

Adobe has released security updates to address this vulnerability. Users are advised to update to the latest version of Adobe Experience Manager. The fix is available in Adobe's security bulletin APSB23-72 (Adobe Advisory).