CVE-2023-48516: 
Adobe Experience Manager vulnerability analysis and mitigation

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability (CVE-2023-48516). The vulnerability was disclosed on December 15, 2023, and has been assigned a CVSS v3.1 score of 5.4 (Medium) (Adobe Security, NVD Results).

The vulnerability is classified as a stored Cross-Site Scripting (XSS) vulnerability that could be exploited by a low-privileged attacker to inject malicious scripts into vulnerable form fields. The CVSS v3.1 base score of 5.4 is based on the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A, indicating network accessibility, low attack complexity, and required user interaction (Adobe Security).

When successfully exploited, malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. This can lead to unauthorized code execution within the context of the victim's browser session (NVD Results).

Adobe has addressed this vulnerability in versions after 6.5.18. Users are advised to update their Adobe Experience Manager installations to the latest version to mitigate this security risk (Adobe Security).