CVE-2024-41845: 
Adobe Experience Manager vulnerability analysis and mitigation

Adobe Experience Manager (AEM) versions 6.5.20 and earlier contain a stored Cross-Site Scripting (XSS) vulnerability identified as CVE-2024-41845. The vulnerability was discovered and disclosed on August 23, 2024, affecting Adobe Experience Manager installations including both on-premise deployments up to version 6.5.20 and AEM Cloud Service versions prior to 2024.5 (NVD Database, Adobe Advisory).

The vulnerability is classified as a stored Cross-Site Scripting (XSS) issue (CWE-79) that allows attackers to inject malicious scripts into vulnerable form fields. When victims browse to pages containing the compromised fields, the malicious JavaScript executes in their browsers. The vulnerability has been assigned a CVSS v3.1 base score of 5.4 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, indicating network accessibility, low attack complexity, required low privileges, and user interaction (NVD Database).

When successfully exploited, this vulnerability allows attackers to execute malicious JavaScript code in victims' browsers when they visit pages containing the compromised form fields. This can lead to unauthorized access to sensitive browser-based information and potential manipulation of the web application's content from the victim's perspective (NVD Database).

Adobe has addressed this vulnerability by releasing updated versions of the Experience Manager. Users should upgrade to versions newer than 6.5.20 for on-premise deployments or ensure their AEM Cloud Service installation is updated to version 2024.5 or later (Adobe Advisory).