CVE-2023-48485: 
Adobe Experience Manager vulnerability analysis and mitigation

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability, identified as CVE-2023-48485. The vulnerability was discovered and disclosed on December 15, 2023, affecting Adobe Experience Manager and Adobe Experience Manager Cloud Service versions up to 6.5.18.0 (NVD).

The vulnerability is classified as a DOM-based Cross-site Scripting (XSS) vulnerability with a CVSS v3.1 base score of 5.4 (Medium). The attack vector is network-based (AV:N), with low attack complexity (AC:L), requiring low privileges (PR:L) and user interaction (UI:R). The scope is changed (S:C), with low impacts on confidentiality (C:L) and integrity (I:L), and no impact on availability (A:N) (NVD).

If successfully exploited, this vulnerability allows a low-privileged attacker to execute malicious JavaScript content within the context of the victim's browser when they visit a URL referencing a vulnerable page (NVD).

Adobe has released patches to address this vulnerability. Users are advised to update to the latest version of Adobe Experience Manager. The fix is available through Adobe's security bulletin (Adobe Security).