CVE-2024-43724: 
Adobe Experience Manager vulnerability analysis and mitigation

CVE-2024-43724 is a DOM-based Cross-Site Scripting (XSS) vulnerability affecting Adobe Experience Manager versions 6.5.21 and earlier. The vulnerability was disclosed on December 10, 2024, and received a CVSS v3.1 base score of 5.4 (Medium severity). This security issue affects both the standard Adobe Experience Manager installations and AEM Cloud Service versions (NVD).

The vulnerability is classified as a DOM-based Cross-Site Scripting (XSS) issue (CWE-79) that could be exploited by manipulating a DOM element through a crafted URL or user input. When successfully exploited, the vulnerability allows attackers to inject malicious scripts that run when the page is rendered in the victim's browser session. The vulnerability has been assigned a CVSS v3.1 vector string of CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, indicating network accessibility, low attack complexity, required privileges, and user interaction (NVD).

If exploited, this vulnerability could allow an attacker to execute arbitrary code in the context of the victim's browser session. The impact is considered medium severity with potential for compromising user data and browser session integrity. The CVSS scoring indicates low impacts on both confidentiality and integrity, with no impact on availability (NVD).

Adobe has addressed this vulnerability in versions after 6.5.21 for standard installations and in version 2024.11.0 for AEM Cloud Service. Organizations are advised to update to the latest version of Adobe Experience Manager to mitigate this security risk (NVD).