CVE-2023-48521: 
Adobe Experience Manager vulnerability analysis and mitigation

Adobe Experience Manager (AEM) versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability. The vulnerability was disclosed on December 15, 2023, and has been assigned CVE-2023-48521. This security flaw affects the form field functionality in Adobe Experience Manager (NVD CVE, Adobe Advisory).

The vulnerability is classified as a stored Cross-Site Scripting (XSS) issue (CWE-79) that affects form fields within Adobe Experience Manager. It has received a CVSS v3.1 Base Score of 5.4 (Medium) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. This indicates that the vulnerability requires network access, low attack complexity, low privileges, and user interaction, with impacts on confidentiality and integrity but not availability (NVD CVE).

If successfully exploited, this vulnerability allows a low-privileged attacker to inject malicious scripts into vulnerable form fields. When victims browse to pages containing the compromised fields, the malicious JavaScript code can be executed in their browsers, potentially leading to unauthorized data access or manipulation (NVD CVE).

Adobe has released security patches to address this vulnerability. Users are advised to update their Adobe Experience Manager installations to versions newer than 6.5.18 to mitigate this security risk (Adobe Advisory).