CVE-2024-43726: 
Adobe Experience Manager vulnerability analysis and mitigation

CVE-2024-43726 is a stored Cross-Site Scripting (XSS) vulnerability affecting Adobe Experience Manager (AEM) versions 6.5.21 and earlier. The vulnerability was disclosed on December 10, 2024, and involves the potential injection of malicious scripts into vulnerable form fields (NVD).

The vulnerability is classified as a stored Cross-Site Scripting (XSS) issue (CWE-79) with a CVSS v3.1 base score of 5.4 (Medium). The attack vector is network-accessible (AV:N), with low attack complexity (AC:L), requiring low privileges (PR:L) and user interaction (UI:R). The scope is changed (S:C) with low confidentiality and integrity impacts (C:L, I:L) and no availability impact (A:N) (NVD).

If exploited, this vulnerability allows attackers to inject malicious scripts into vulnerable form fields, which can then be executed in a victim's browser when they visit the page containing the compromised field. This could potentially lead to unauthorized access to user data and manipulation of web content (NVD).

Adobe has addressed this vulnerability in versions after 6.5.21. Organizations are advised to upgrade their Adobe Experience Manager installations to the latest version to mitigate this security risk (NVD).