CVE-2023-48614: 
Adobe Experience Manager vulnerability analysis and mitigation

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. The vulnerability was discovered and disclosed on December 15, 2023, and has been assigned CVE-2023-48614. This security issue affects both the cloud service and standard installations of Adobe Experience Manager (NVD).

The vulnerability is classified as a DOM-based Cross-Site Scripting (XSS) issue with a CVSS v3.1 base score of 5.4 (Medium). The vulnerability is tracked under CWE-79 (Improper Neutralization of Input During Web Page Generation). The attack vector is network-accessible (AV:N) with low attack complexity (AC:L), requires low privileges (PR:L), and user interaction (UI:R). The scope is changed (S:C), with low impacts on confidentiality (C:L) and integrity (I:L), but no impact on availability (A:N) (Adobe Advisory).

If successfully exploited, this vulnerability allows a low-privileged attacker to execute malicious JavaScript content within the context of the victim's browser when they visit a URL referencing a vulnerable page. This could potentially lead to unauthorized access to user data, session hijacking, or other client-side attacks (NVD).

Adobe has released security updates to address this vulnerability. Users are advised to update their Adobe Experience Manager installations to versions newer than 6.5.18 to mitigate this security risk (Adobe Advisory).