CVE-2023-48565: 
Adobe Experience Manager vulnerability analysis and mitigation

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability that was disclosed on December 15, 2023. This vulnerability affects both the cloud service and standard installations of Adobe Experience Manager (NVD, Adobe Advisory).

The vulnerability is classified as a DOM-based Cross-site Scripting (XSS) issue with a CVSS v3.1 base score of 5.4 (Medium). The attack vector is network-based (AV:N), requires low attack complexity (AC:L), low privileges (PR:L), user interaction (UI:R), and has a changed scope (S:C) with low confidentiality and integrity impact (C:L, I:L) and no availability impact (A:N) (NVD).

If successfully exploited, this vulnerability could allow a low-privileged attacker to execute malicious JavaScript content within the context of the victim's browser when the victim visits a URL referencing a vulnerable page (NVD).

Adobe has released security updates to address this vulnerability. Users are advised to update to the latest version of Adobe Experience Manager beyond version 6.5.18 (Adobe Advisory).