CVE-2023-48561: 
Adobe Experience Manager vulnerability analysis and mitigation

CVE-2023-48561 is a stored Cross-Site Scripting (XSS) vulnerability affecting Adobe Experience Manager versions 6.5.18 and earlier. The vulnerability was discovered and disclosed on December 15, 2023. This security flaw impacts both the cloud service and standard installations of Adobe Experience Manager (NVD).

The vulnerability is classified as a stored Cross-Site Scripting (XSS) issue (CWE-79) that allows malicious scripts to be injected into vulnerable form fields. The vulnerability has been assigned a CVSS v3.1 base score of 5.4 (Medium) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. This indicates that the vulnerability requires low privileges and user interaction for successful exploitation (Adobe Advisory).

When successfully exploited, the vulnerability allows malicious JavaScript to be executed in a victim's browser when they browse to a page containing the compromised field. This can lead to unauthorized access to user data and potential manipulation of the web interface (NVD).

Adobe has released security updates to address this vulnerability. Users are advised to update their Adobe Experience Manager installations to versions newer than 6.5.18 to mitigate this security risk (Adobe Advisory).