CVE-2023-48574: 
Adobe Experience Manager vulnerability analysis and mitigation

Adobe Experience Manager (AEM) versions 6.5.18 and earlier contain a stored Cross-Site Scripting (XSS) vulnerability. The vulnerability was disclosed on December 15, 2023, and was assigned CVE-2023-48574. This security flaw affects the form field functionality in AEM installations (NVD).

The vulnerability is classified as a stored Cross-Site Scripting (XSS) issue (CWE-79). It received a CVSS v3.1 base score of 5.4 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. This indicates that the vulnerability requires network access, low attack complexity, low privileges, and user interaction, with impacts on confidentiality and integrity but not availability (Adobe Advisory).

When exploited, this vulnerability allows a low-privileged attacker to inject malicious scripts into vulnerable form fields. When victims browse to the page containing the compromised field, the malicious JavaScript executes in their browser, potentially leading to unauthorized data access or manipulation (NVD).

Adobe has addressed this vulnerability in versions after 6.5.18. Users are advised to update their Adobe Experience Manager installations to the latest version to mitigate this security risk (Adobe Advisory).