CVE-2023-48618: 
Adobe Experience Manager vulnerability analysis and mitigation

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability that was disclosed on December 15, 2023. The vulnerability affects both cloud service and on-premises installations of Adobe Experience Manager (Adobe Advisory, NVD).

This vulnerability is classified as a DOM-based Cross-site Scripting (XSS) issue, identified as CWE-79 (Improper Neutralization of Input During Web Page Generation). The vulnerability has been assigned a CVSS v3.1 base score of 5.4 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, indicating network accessibility, low attack complexity, required low privileges, and user interaction (NVD).

If successfully exploited, this vulnerability allows a low-privileged attacker to execute malicious JavaScript content within the context of the victim's browser when the victim visits a URL referencing a vulnerable page (Adobe Advisory).

Adobe has released security updates to address this vulnerability. Users are advised to update to the latest version of Adobe Experience Manager to mitigate this security risk (Adobe Advisory).