CVE-2023-48536: 
Adobe Experience Manager vulnerability analysis and mitigation

CVE-2023-48536 is a Cross-site Scripting (DOM-based XSS) vulnerability affecting Adobe Experience Manager versions 6.5.18 and earlier. The vulnerability was discovered and disclosed on December 15, 2023. This security issue impacts Adobe Experience Manager installations and could potentially affect organizations using these vulnerable versions (NVD).

The vulnerability is classified as a DOM-based Cross-site Scripting (XSS) issue, identified as CWE-79 (Improper Neutralization of Input During Web Page Generation). It has been assigned a CVSS v3.1 Base Score of 5.4 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, indicating network accessibility with low attack complexity, requiring low privileges and user interaction (NVD).

If successfully exploited, this vulnerability allows a low-privileged attacker to execute malicious JavaScript content within the context of the victim's browser when they visit a URL referencing a vulnerable page (NVD).

Adobe has released security patches to address this vulnerability. Organizations using affected versions of Adobe Experience Manager should upgrade to the latest version as specified in the security advisory (Adobe Advisory).