CVE-2023-48622: 
Adobe Experience Manager vulnerability analysis and mitigation

Adobe Experience Manager (AEM) versions 6.5.18 and earlier contain a stored Cross-Site Scripting (XSS) vulnerability. This security flaw was discovered and reported to Adobe Systems Incorporated, with the vulnerability being assigned CVE-2023-48622. The issue was publicly disclosed on December 15, 2023 (NVD).

The vulnerability is classified as a stored Cross-Site Scripting (XSS) issue (CWE-79) that affects form fields in Adobe Experience Manager. It received a CVSS v3.1 base score of 5.4 (Medium), with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. This indicates that the vulnerability requires network access, low attack complexity, low privileges, and user interaction, with a changed scope and low impacts on confidentiality and integrity (Adobe Security Bulletin).

When exploited, this vulnerability allows malicious JavaScript code execution in a victim's browser when they access a page containing the compromised field. The attack can lead to unauthorized data access and potential manipulation of the user's browser session (NVD).

Adobe has addressed this vulnerability in versions after 6.5.18. Users are advised to update their Adobe Experience Manager installations to the latest version to mitigate this security risk (Adobe Security Bulletin).