CVE-2023-48606: 
Adobe Experience Manager vulnerability analysis and mitigation

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. The vulnerability was disclosed on December 15, 2023, and assigned identifier CVE-2023-48606. This security issue affects Adobe Experience Manager software installations up to and including version 6.5.18 (NVD).

The vulnerability is classified as a DOM-based Cross-site Scripting (XSS) issue with a CVSS v3.1 base score of 5.4 (Medium). The attack vector requires network access (AV:N), low attack complexity (AC:L), low privileges (PR:L), and user interaction (UI:R). The scope is changed (S:C), with low impacts on confidentiality (C:L) and integrity (I:L), and no impact on availability (A:N) (NVD).

If successfully exploited, this vulnerability allows a low-privileged attacker to execute malicious JavaScript content within the context of the victim's browser when they visit a URL referencing a vulnerable page (NVD).

Adobe has released security updates to address this vulnerability. Users are advised to update their Adobe Experience Manager installations to versions newer than 6.5.18 (Adobe Security).