CVE-2023-48494: 
Adobe Experience Manager vulnerability analysis and mitigation

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. The vulnerability was discovered and disclosed on December 15, 2023, and was assigned identifier CVE-2023-48494 (NVD, Adobe Security).

The vulnerability is classified as a DOM-based Cross-site Scripting (XSS) issue with a CVSS v3.1 base score of 5.4 (Medium). The attack vector is network-accessible (AV:N), requires low attack complexity (AC:L), needs low privileges (PR:L), and requires user interaction (UI:R). The scope is changed (S:C), with low impacts on confidentiality (C:L) and integrity (I:L), but no impact on availability (A:N) (NVD).

If successfully exploited, this vulnerability allows malicious JavaScript content to be executed within the context of the victim's browser session. This could potentially lead to unauthorized access to user data, session hijacking, or other browser-based attacks (NVD).

Adobe has released security updates to address this vulnerability. Users are advised to update their Adobe Experience Manager installations to versions newer than 6.5.18 (Adobe Security).