CVE-2023-48540: 
Adobe Experience Manager vulnerability analysis and mitigation

A stored Cross-Site Scripting (XSS) vulnerability was discovered in Adobe Experience Manager versions 6.5.18 and earlier, identified as CVE-2023-48540. The vulnerability was disclosed on December 15, 2023, and affects Adobe Experience Manager's form field functionality (NVD, Adobe Advisory).

The vulnerability is classified as a stored Cross-Site Scripting (XSS) issue (CWE-79) with a CVSS v3.1 base score of 5.4 (Medium). The vulnerability vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, indicating network accessibility, low attack complexity, required low privileges, and user interaction (NVD).

If exploited, this vulnerability allows malicious JavaScript execution in a victim's browser when they browse to a page containing the compromised form field. The impact includes potential information disclosure and limited client-side code execution within the context of the victim's browser session (Adobe Advisory).

Adobe has released security updates to address this vulnerability. Users are advised to update to the latest version of Adobe Experience Manager. The fix is available through Adobe's security bulletin APSB23-72 (Adobe Advisory).