CVE-2023-48491: 
Adobe Experience Manager vulnerability analysis and mitigation

Adobe Experience Manager (AEM) versions 6.5.18 and earlier were identified with a Cross-site Scripting (DOM-based XSS) vulnerability. The vulnerability was disclosed on December 15, 2023, and was assigned the identifier CVE-2023-48491. This security flaw affects multiple versions of Adobe Experience Manager, including both the standard deployment and cloud service versions (Adobe Advisory).

The vulnerability is classified as a DOM-based Cross-site Scripting (XSS) issue, identified under CWE-79 (Improper Neutralization of Input During Web Page Generation). The severity of this vulnerability has been assessed with a CVSS v3.1 base score of 5.4 (Medium), with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N (NVD).

If successfully exploited, this vulnerability allows malicious JavaScript content to be executed within the context of the victim's browser. The impact is considered moderate, with potential for information disclosure and limited compromise of the affected system (Adobe Advisory).

Adobe has addressed this vulnerability in subsequent releases after version 6.5.18. Users are advised to update to the latest version of Adobe Experience Manager to mitigate this security risk (Adobe Advisory).