CVE-2023-48530: 
Adobe Experience Manager vulnerability analysis and mitigation

Adobe Experience Manager (AEM) versions 6.5.18 and earlier were identified with a stored Cross-Site Scripting (XSS) vulnerability. The vulnerability was disclosed on December 15, 2023, and was assigned identifier CVE-2023-48530. This security flaw affects the form field functionality in Adobe Experience Manager installations (NVD).

The vulnerability is classified as a stored Cross-Site Scripting (XSS) issue (CWE-79: Improper Neutralization of Input During Web Page Generation). It received a CVSS v3.1 Base Score of 5.4 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, indicating network accessibility, low attack complexity, required low privileges, and user interaction (Adobe Advisory).

When successfully exploited, this vulnerability allows attackers with low privileges to inject malicious scripts into vulnerable form fields. When victims browse to pages containing the compromised fields, the malicious JavaScript executes in their browsers, potentially leading to unauthorized data access or manipulation (NVD).

Adobe has released security updates to address this vulnerability. Users are advised to update their Adobe Experience Manager installations to versions newer than 6.5.18 to mitigate this security risk (Adobe Advisory).