CVE-2023-48573: 
Adobe Experience Manager vulnerability analysis and mitigation

Adobe Experience Manager (AEM) versions 6.5.18 and earlier contain a stored Cross-Site Scripting (XSS) vulnerability identified as CVE-2023-48573. The vulnerability was discovered and disclosed on December 15, 2023, affecting both cloud service and on-premises installations of Adobe Experience Manager (NVD, CVE).

The vulnerability is classified as a stored Cross-Site Scripting (XSS) issue (CWE-79) with a CVSS v3.1 base score of 5.4 (Medium). The attack vector is network-accessible (AV:N), requires low attack complexity (AC:L), needs low privileges (PR:L), requires user interaction (UI:R), and has a changed scope (S:C) with low confidentiality and integrity impact (C:L/I:L) and no availability impact (A:N) (NVD).

If successfully exploited, the vulnerability allows a low-privileged attacker to inject malicious scripts into vulnerable form fields. When victims browse to the page containing the vulnerable field, the malicious JavaScript code may be executed in their browsers (NVD).

Adobe has released security updates to address this vulnerability. Users are advised to upgrade their Adobe Experience Manager installations to versions newer than 6.5.18 (Adobe Advisory).