CVE-2023-48564: 
Adobe Experience Manager vulnerability analysis and mitigation

Adobe Experience Manager (AEM) versions 6.5.18 and earlier contain a stored Cross-Site Scripting (XSS) vulnerability. The vulnerability was disclosed on December 15, 2023, and was assigned CVE-2023-48564. This security flaw affects both cloud service and on-premises installations of Adobe Experience Manager (NVD Database, Adobe Advisory).

The vulnerability is classified as a stored Cross-Site Scripting (XSS) issue (CWE-79). It received a CVSS v3.1 base score of 5.4 (Medium), with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. This scoring indicates that the vulnerability requires low privileges and user interaction, with potential impacts on confidentiality and integrity (NVD Database).

When exploited, this vulnerability allows malicious JavaScript execution in a victim's browser when they access a page containing the compromised field. The attack can lead to unauthorized data access and potential manipulation of the user's browser session (NVD Database).

Adobe has addressed this vulnerability in versions after 6.5.18. Users are advised to update their Adobe Experience Manager installations to the latest version to mitigate this security risk (Adobe Advisory).