CVE-2023-48487: 
Adobe Experience Manager vulnerability analysis and mitigation

CVE-2023-48487 is a DOM-based Cross-Site Scripting (XSS) vulnerability affecting Adobe Experience Manager versions 6.5.18 and earlier. The vulnerability was disclosed on December 15, 2023. This security issue allows a low-privileged attacker to execute arbitrary code in the context of the victim's browser session when the victim visits a URL referencing a vulnerable page (NVD Results).

The vulnerability is classified as a DOM-based Cross-Site Scripting (XSS) issue with a CVSS v3.1 score of 5.4 (Medium severity). The attack requires user interaction and a low-privileged attacker can exploit it by manipulating DOM elements through crafted URLs or user input. The malicious JavaScript content can be executed within the context of the victim's browser when they access the manipulated page (Adobe Security).

If successfully exploited, the vulnerability allows malicious JavaScript to be executed in the victim's browser context. This can lead to unauthorized access to sensitive browser-based information, session hijacking, or other client-side attacks within the scope of the affected Adobe Experience Manager instance (NVD Results).

Adobe has addressed this vulnerability in versions after 6.5.18. Organizations are advised to upgrade their Adobe Experience Manager installations to the latest version to mitigate this security risk (Adobe Security).