CVE-2023-51460: 
Adobe Experience Manager vulnerability analysis and mitigation

Adobe Experience Manager (AEM) versions 6.5.18 and earlier contain a stored Cross-Site Scripting (XSS) vulnerability identified as CVE-2023-51460. The vulnerability was disclosed on December 20, 2023, and affects both AEM on-premise installations up to version 6.5.18.0 and AEM Cloud Service versions prior to 2023.11.0 (NVD).

The vulnerability is classified as a stored Cross-Site Scripting (XSS) issue (CWE-79) that allows malicious script injection into vulnerable form fields. The vulnerability has received a CVSS v3.1 base score of 5.4 (Medium), with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. This indicates that the vulnerability requires network access, low attack complexity, low privileges, and user interaction for successful exploitation (NVD).

When exploited, the vulnerability allows malicious JavaScript to be executed in a victim's browser when they browse to a page containing the compromised field. This can lead to unauthorized access to user data and potential manipulation of the browser session within the context of the affected AEM instance (Adobe Advisory).

Adobe has addressed this vulnerability in AEM Cloud Service version 2023.11.0 and recommends users to upgrade to the latest version. For on-premise installations, users should upgrade to versions newer than 6.5.18.0 to mitigate this security risk (Adobe Advisory).