CVE-2023-48560: 
Adobe Experience Manager vulnerability analysis and mitigation

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability identified as CVE-2023-48560. The vulnerability was disclosed on December 15, 2023, affecting Adobe Experience Manager's form field functionality (NVD).

The vulnerability is classified as a stored Cross-Site Scripting (XSS) issue with a CVSS v3.1 base score of 5.4 (Medium). The attack vector is characterized as network-accessible (AV:N) with low attack complexity (AC:L), requiring low privileges (PR:L) and user interaction (UI:R). The scope is changed (S:C) with low impacts to confidentiality (C:L) and integrity (I:L), but no impact on availability (A:N) (NVD).

When exploited, this vulnerability allows a low-privileged attacker to inject malicious scripts into vulnerable form fields. The injected JavaScript code can be executed in a victim's browser when they access the page containing the compromised field (NVD).

Adobe has released security updates to address this vulnerability. Users should upgrade to the latest version of Adobe Experience Manager to mitigate the risk (Adobe Advisory).