CVE-2023-48506: 
Adobe Experience Manager vulnerability analysis and mitigation

Adobe Experience Manager (AEM) versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability identified as CVE-2023-48506. The vulnerability was disclosed in December 2023 and affects the form field functionality of the AEM platform (Adobe Security, NVD).

The vulnerability is classified as a stored Cross-Site Scripting (XSS) issue with a CVSS v3.1 score of 5.4 (Medium). The technical assessment indicates that this is a client-side vulnerability that requires low privileges for exploitation but does need user interaction. The CVSS vector string is CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A (Adobe Security).

When successfully exploited, this vulnerability allows attackers to inject malicious scripts into vulnerable form fields. When victims browse to pages containing the compromised fields, the malicious JavaScript code executes in their browsers, potentially leading to unauthorized data access or manipulation (NVD).

Adobe has addressed this vulnerability in versions after 6.5.18. Organizations using affected versions should upgrade to the latest version of Adobe Experience Manager to mitigate this security risk (Adobe Security).