CVE-2023-48582: 
Adobe Experience Manager vulnerability analysis and mitigation

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability. The vulnerability was discovered and disclosed on December 15, 2023, and affects both the standard and cloud service versions of the software (NVD, Adobe Advisory).

The vulnerability is classified as a stored Cross-Site Scripting (XSS) vulnerability (CWE-79) with a CVSS v3.1 base score of 5.4 (Medium). The vulnerability vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, indicating that it requires network access, low attack complexity, low privileges, and user interaction, with a changed scope and low impact on confidentiality and integrity (NVD).

If exploited, the vulnerability allows malicious JavaScript to be executed in a victim's browser when they browse to a page containing the vulnerable field. This can lead to unauthorized access to user data and potential manipulation of the web interface within the context of the victim's browser session (NVD).

Adobe has released security updates to address this vulnerability. Users are advised to update to the latest version of Adobe Experience Manager. The fix is available through the official Adobe security bulletin (Adobe Advisory).