CVE-2023-48507: 
Adobe Experience Manager vulnerability analysis and mitigation

Adobe Experience Manager (AEM) versions 6.5.18 and earlier contain a stored Cross-Site Scripting (XSS) vulnerability. The vulnerability was disclosed on December 15, 2023, and was assigned the identifier CVE-2023-48507. This security flaw affects the form field functionality in Adobe Experience Manager installations (Adobe Advisory, NVD).

The vulnerability is classified as a stored Cross-Site Scripting (XSS) issue (CWE-79). It has been assigned a CVSS v3.1 base score of 5.4 (Medium severity) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. This scoring indicates that the vulnerability requires network access, low attack complexity, low privileges, and user interaction, with impacts on confidentiality and integrity but not availability (NVD).

When exploited, this vulnerability allows malicious JavaScript execution in victims' browsers when they access pages containing compromised form fields. The attack can lead to unauthorized data access and potential manipulation of user sessions (Adobe Advisory).

Adobe has addressed this vulnerability in their security updates. Users are advised to update their Adobe Experience Manager installations to versions newer than 6.5.18 to mitigate this security risk (Adobe Advisory).