CVE-2023-48501: 
Adobe Experience Manager vulnerability analysis and mitigation

Adobe Experience Manager (AEM) versions prior to the latest release contain a Cross-site Scripting (Stored XSS) vulnerability that could lead to arbitrary code execution (Adobe Security Bulletin). The vulnerability was discovered and disclosed on December 15, 2023, and has been assigned CVE-2023-48501 with a CVSS v3.1 base score of 5.4 (Medium).

The vulnerability is classified as a Cross-site Scripting (Stored XSS) issue (CWE-79) with a CVSS vector string of CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. The vulnerability requires a low level of privileges and user interaction for successful exploitation (Adobe Security Bulletin).

When successfully exploited, malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. This could lead to unauthorized access to sensitive information and potential arbitrary code execution within the context of the affected application (CISA Bulletin).

Adobe has released security updates to address this vulnerability. Users are advised to update to the latest version of Adobe Experience Manager to mitigate this security risk (Adobe Security Bulletin).