CVE-2023-51464: 
Adobe Experience Manager vulnerability analysis and mitigation

Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability identified as CVE-2023-51464. The vulnerability was disclosed on January 18, 2024, and affects both cloud service and on-premises installations of Adobe Experience Manager (NVD).

This vulnerability is classified as a stored Cross-Site Scripting (XSS) vulnerability that could be exploited by a low-privileged attacker. The vulnerability has been assigned a CVSS v3.1 base score of 5.4 (MEDIUM) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. The vulnerability is associated with CWE-79: Improper Neutralization of Input During Web Page Generation (NVD).

When successfully exploited, this vulnerability allows attackers to inject malicious scripts into vulnerable form fields. When victims browse to the page containing the vulnerable field, the malicious JavaScript may be executed in their browser, potentially leading to unauthorized actions or data theft (NVD).

Adobe has addressed this vulnerability in newer versions of Experience Manager. Organizations are advised to upgrade to versions later than 6.5.18 to mitigate this security risk (NVD).