CVE-2023-48532: 
Adobe Experience Manager vulnerability analysis and mitigation

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability, identified as CVE-2023-48532. The vulnerability was discovered and disclosed in December 2023, with a CVSS v3.1 score of 5.4 (Medium severity) (CISA Bulletin).

The vulnerability is classified as a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by a low-privileged attacker. The issue allows manipulation of DOM elements through crafted URLs or user input, enabling the injection of malicious scripts that execute when the page is rendered (Adobe Security).

If successfully exploited, this vulnerability could allow an attacker to execute arbitrary code in the context of the victim's browser session. This could potentially lead to unauthorized access to user data, session hijacking, or other client-side attacks (NVD).

Adobe has released security updates to address this vulnerability. Users are advised to update their Adobe Experience Manager installations to versions later than 6.5.18 to mitigate this security risk (Adobe Security).