CVE-2023-48595: 
Adobe Experience Manager vulnerability analysis and mitigation

Adobe Experience Manager (AEM) versions 6.5.18 and earlier were identified with a stored Cross-Site Scripting (XSS) vulnerability. The vulnerability was disclosed on December 15, 2023, and was assigned the identifier CVE-2023-48595. This security flaw affects the form field functionality in Adobe Experience Manager, potentially exposing users to malicious script injections (NVD CVE, Adobe Advisory).

The vulnerability is classified as a stored Cross-Site Scripting (XSS) issue (CWE-79). It received a CVSS v3.1 base score of 5.4 (Medium severity) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. The technical assessment indicates that the vulnerability requires low attack complexity and low privileges to exploit, though user interaction is required (NVD CVE).

When successfully exploited, this vulnerability allows malicious JavaScript execution in victims' browsers when they access pages containing compromised form fields. The impact is characterized by low confidentiality and integrity breaches, with no effect on availability. The cross-site scripting vulnerability could potentially lead to unauthorized data access or manipulation within the context of the affected application (Adobe Advisory).

Adobe has addressed this vulnerability in versions after 6.5.18 of Experience Manager. Users are advised to update their installations to the latest version to mitigate this security risk (Adobe Advisory).