CVE-2023-48562: 
Adobe Experience Manager vulnerability analysis and mitigation

Adobe Experience Manager (AEM) versions 6.5.18 and earlier contain a stored Cross-Site Scripting (XSS) vulnerability identified as CVE-2023-48562. The vulnerability was discovered and disclosed on December 15, 2023, affecting both cloud service and on-premises installations of Adobe Experience Manager (NVD, CVE).

The vulnerability is classified as a stored Cross-Site Scripting (XSS) issue (CWE-79) with a CVSS v3.1 base score of 5.4 (Medium). The attack vector is network-accessible (AV:N), requires low attack complexity (AC:L), needs low privileges (PR:L), and requires user interaction (UI:R). The scope is changed (S:C), with low impacts on confidentiality (C:L) and integrity (I:L), but no impact on availability (A:N) (NVD).

When exploited, this vulnerability allows malicious JavaScript code execution in a victim's browser when they browse to a page containing the vulnerable field. The attack can lead to potential information disclosure, session theft, or client-side request forgery (NVD).

Adobe has released security updates to address this vulnerability. Users are advised to update to the latest version of Adobe Experience Manager. The fix is detailed in Adobe's security bulletin (Adobe Advisory).