CVE-2023-48529: 
Adobe Experience Manager vulnerability analysis and mitigation

Adobe Experience Manager (AEM) versions 6.5.18 and earlier were identified with a stored Cross-Site Scripting (XSS) vulnerability, tracked as CVE-2023-48529. The vulnerability was disclosed on November 16, 2023, and affects the form field functionality within AEM installations (CVE Details).

The vulnerability is classified as a stored Cross-Site Scripting (XSS) issue (CWE-79) with a CVSS score of 5.4, indicating moderate severity. The CVSS vector string is CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A, which suggests the attack requires network access, low complexity, low privileges, and user interaction (Adobe Security).

When successfully exploited, this vulnerability allows attackers to inject malicious scripts into vulnerable form fields. These scripts can then be executed in victims' browsers when they access the page containing the compromised field, potentially leading to unauthorized data access or manipulation (CVE Details).

Adobe has addressed this vulnerability in versions after 6.5.18. Users are advised to update their Adobe Experience Manager installations to the latest available version to mitigate this security risk (Adobe Security).