CVE-2023-48572: 
Adobe Experience Manager vulnerability analysis and mitigation

CVE-2023-48572 is a stored Cross-Site Scripting (XSS) vulnerability affecting Adobe Experience Manager versions 6.5.18 and earlier. The vulnerability was discovered and disclosed on December 15, 2023. This security issue impacts both the cloud service and standard installations of Adobe Experience Manager (NVD).

The vulnerability is classified as a stored Cross-Site Scripting (CWE-79) issue with a CVSS v3.1 base score of 5.4 (Medium). The attack vector is network-based (AV:N) with low attack complexity (AC:L), requiring low privileges (PR:L) and user interaction (UI:R). The scope is changed (S:C), with low impacts on both confidentiality and integrity (C:L, I:L) and no impact on availability (A:N) (NVD).

When successfully exploited, this vulnerability allows malicious JavaScript to be executed in a victim's browser when they browse to a page containing the vulnerable field. The attack can lead to compromised user sessions, data theft, or manipulation of the web interface (NVD).

Adobe has addressed this vulnerability in versions after 6.5.18. Users are advised to update their Adobe Experience Manager installations to the latest version to mitigate this security risk (Adobe Advisory).