CVE-2023-48525: 
Adobe Experience Manager vulnerability analysis and mitigation

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. The vulnerability was discovered and disclosed on December 15, 2023, and has been assigned identifier CVE-2023-48525. This security issue affects the Adobe Experience Manager platform, particularly impacting low-privileged users (NVD, Adobe Security).

The vulnerability is classified as a DOM-based Cross-site Scripting (XSS) issue. According to the CVSS scoring system, it has received a score of 6.1, with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A. The vulnerability allows for arbitrary code execution and is rated as Important in terms of severity (Adobe Security).

If successfully exploited, this vulnerability could allow an attacker to execute arbitrary code in the context of the victim's browser session. The impact is considered significant as it could lead to unauthorized access and potential manipulation of user data (CISA).

Adobe has addressed this vulnerability in versions after 6.5.18. Users are advised to update their Adobe Experience Manager installations to the latest version to mitigate this security risk (Adobe Security).