CVE-2023-48552: 
Adobe Experience Manager vulnerability analysis and mitigation

Adobe Experience Manager (AEM) versions 6.5.18 and earlier contain a stored Cross-Site Scripting (XSS) vulnerability identified as CVE-2023-48552. The vulnerability was disclosed on December 15, 2023, and affects both AEM on-premise installations and cloud service versions up to 2023.11 (NVD).

The vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation) with a CVSS v3.1 base score of 5.4 (Medium). The attack vector is network-based (AV:N) with low attack complexity (AC:L), requiring low privileges (PR:L) and user interaction (UI:R). The scope is changed (S:C) with low confidentiality (C:L) and integrity (I:L) impacts, and no availability impact (A:N) (NVD).

When exploited, this vulnerability allows malicious JavaScript execution in a victim's browser when they navigate to a page containing the compromised field. The attack can lead to unauthorized data access and potential manipulation of web content within the context of the affected AEM instance (Adobe Advisory).

Adobe has released security updates to address this vulnerability. Users are advised to update to the latest version of Adobe Experience Manager. For cloud service users, the fix is included in version 2023.11 and later (Adobe Advisory).