CVE-2023-48589: 
Adobe Experience Manager vulnerability analysis and mitigation

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability, identified as CVE-2023-48589. The vulnerability was discovered and disclosed on December 15, 2023, and affects both cloud service and standard installations of Adobe Experience Manager (NVD).

The vulnerability is classified as a DOM-based Cross-site Scripting (XSS) issue with a CVSS v3.1 base score of 5.4 (Medium severity). The attack vector is network-based (AV:N), with low attack complexity (AC:L), requiring low privileges (PR:L) and user interaction (UI:R). The scope is changed (S:C), with low impacts on confidentiality (C:L) and integrity (I:L), and no impact on availability (A:N) (NVD).

If successfully exploited, this vulnerability allows malicious JavaScript content to be executed within the context of the victim's browser. The attack requires a low-privileged attacker to convince a victim to visit a URL referencing a vulnerable page (NVD).

Adobe has addressed this vulnerability in versions after 6.5.18. Users are advised to update their Adobe Experience Manager installations to the latest version (Adobe Advisory).