CVE-2023-48611: 
Adobe Experience Manager vulnerability analysis and mitigation

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. This vulnerability was discovered and disclosed on December 15, 2023, and has been assigned CVE-2023-48611 (NVD).

The vulnerability is classified as a DOM-based Cross-Site Scripting (XSS) issue with a CVSS v3.1 base score of 5.4 (Medium). The attack vector is network-based (AV:N), with low attack complexity (AC:L), requiring low privileges (PR:L) and user interaction (UI:R). The scope is changed (S:C), with low impact on confidentiality (C:L) and integrity (I:L), and no impact on availability (A:N) (NVD).

If successfully exploited, this vulnerability allows a low-privileged attacker to execute malicious JavaScript content within the context of the victim's browser. This could potentially lead to unauthorized access to sensitive information, session hijacking, or other client-side attacks (Adobe Security).

Adobe has released security updates to address this vulnerability. Users are advised to update their Adobe Experience Manager installations to versions newer than 6.5.18 (Adobe Security).