CVE-2023-48593: 
Adobe Experience Manager vulnerability analysis and mitigation

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability. The vulnerability was discovered and disclosed on December 15, 2023, and has been assigned identifier CVE-2023-48593. This security issue affects Adobe Experience Manager's form field functionality, potentially impacting both cloud service and standard installations (NVD, Adobe Advisory).

The vulnerability is classified as a stored Cross-Site Scripting (XSS) issue with a CVSS v3.1 base score of 5.4 (Medium), and vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. The weakness is identified as CWE-79 (Improper Neutralization of Input During Web Page Generation). The vulnerability allows malicious scripts to be injected into vulnerable form fields, which are then stored on the server (NVD).

When exploited, this vulnerability allows malicious JavaScript to be executed in a victim's browser when they browse to a page containing the compromised field. The impact is considered medium severity, with potential for both confidentiality and integrity breaches, though no direct impact on availability has been identified (Adobe Advisory).

Adobe has addressed this vulnerability in versions after 6.5.18. Users are advised to update their Adobe Experience Manager installations to the latest version to mitigate this security risk (Adobe Advisory).