CVE-2023-48537: 
Adobe Experience Manager vulnerability analysis and mitigation

CVE-2023-48537 is a stored Cross-Site Scripting (XSS) vulnerability affecting Adobe Experience Manager versions 6.5.18 and earlier. The vulnerability was discovered and disclosed on December 15, 2023. This security issue impacts the form field functionality within Adobe Experience Manager (NVD, Adobe Advisory).

The vulnerability is classified as a stored Cross-Site Scripting (XSS) issue (CWE-79) with a CVSS v3.1 base score of 5.4 (Medium). The attack vector requires a low-privileged attacker to inject malicious scripts into vulnerable form fields. The vulnerability allows for client-side code execution when users browse to pages containing the compromised fields (NVD).

When successfully exploited, the vulnerability allows malicious JavaScript to be executed in a victim's browser when they access a page containing the compromised form field. This could potentially lead to unauthorized access to user data, session hijacking, or other client-side attacks (NVD).

Adobe has released security updates to address this vulnerability. Users are advised to update to the latest version of Adobe Experience Manager. The fix is available through Adobe's security bulletin APSB23-72 (Adobe Advisory).