CVE-2023-48544: 
Adobe Experience Manager vulnerability analysis and mitigation

Adobe Experience Manager (AEM) versions 6.5.18 and earlier contain a stored Cross-Site Scripting (XSS) vulnerability identified as CVE-2023-48544. The vulnerability was disclosed on December 15, 2023, and affects multiple versions of Adobe Experience Manager, including both the on-premises deployments up to version 6.5.18.0 and cloud service versions prior to 2023.11 (NVD, Adobe Advisory).

The vulnerability is classified as a stored Cross-Site Scripting (XSS) issue (CWE-79) with a CVSS v3.1 base score of 5.4 (Medium). The attack requires low privileges and user interaction, with the attack vector being network-accessible. The CVSS vector string is CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, indicating network accessibility, low attack complexity, low privileges required, user interaction required, and low impact on confidentiality and integrity (NVD).

If exploited, this vulnerability allows a low-privileged attacker to inject malicious scripts into vulnerable form fields. When victims browse to the page containing the vulnerable field, the malicious JavaScript may be executed in their browser, potentially leading to unauthorized access to user data or manipulation of content (Adobe Advisory).

Adobe has released security updates to address this vulnerability. Users are advised to update to the latest version of Adobe Experience Manager. For cloud service users, the fix is included in version 2023.11 and later, while on-premises users should upgrade beyond version 6.5.18.0 (Adobe Advisory).