CVE-2023-48504: 
Adobe Experience Manager vulnerability analysis and mitigation

CVE-2023-48504 is a stored Cross-Site Scripting (XSS) vulnerability affecting Adobe Experience Manager versions 6.5.18 and earlier. The vulnerability was discovered and disclosed on December 15, 2023. This security flaw affects Adobe Experience Manager installations and could potentially impact both on-premises deployments up to version 6.5.18.0 and cloud service versions prior to 2023.11 (NVD CVE).

The vulnerability is classified as a stored Cross-Site Scripting (XSS) vulnerability (CWE-79) that allows malicious scripts to be injected into vulnerable form fields. The severity of this vulnerability is rated as MEDIUM with a CVSS v3.1 base score of 5.4 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). The attack requires low privileges and user interaction, with the potential for malicious JavaScript execution in a victim's browser when accessing the compromised page (NVD CVE, Adobe Advisory).

When exploited, this vulnerability allows malicious JavaScript to be executed in a victim's browser when they browse to a page containing the compromised form field. The impact is considered moderate as it requires low privileges to exploit but can lead to unauthorized script execution in the context of the victim's browser session (NVD CVE).

Adobe has released security updates to address this vulnerability. Users are advised to update their Adobe Experience Manager installations to versions after 6.5.18.0 for on-premises deployments, or ensure they are running version 2023.11 or later for cloud service installations (Adobe Advisory).