CVE-2023-48571: 
Adobe Experience Manager vulnerability analysis and mitigation

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability. The vulnerability was disclosed on December 15, 2023, and was assigned identifier CVE-2023-48571. This security flaw affects Adobe Experience Manager's form field functionality, potentially impacting both cloud service and standard installations (NVD, Adobe Advisory).

The vulnerability is classified as a stored Cross-Site Scripting (XSS) issue (CWE-79). It has been assigned a CVSS v3.1 base score of 5.4 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. This scoring indicates that the vulnerability requires low attack complexity, needs low privileges to exploit, and requires user interaction (NVD).

If successfully exploited, this vulnerability allows malicious JavaScript execution in a victim's browser when they browse to a page containing the compromised field. The attack can lead to limited confidentiality and integrity breaches, though it does not affect system availability (NVD).

Adobe has released security updates to address this vulnerability. Users are advised to update their Adobe Experience Manager installations to versions newer than 6.5.18 (Adobe Advisory).