CVE-2024-43728: 
Adobe Experience Manager vulnerability analysis and mitigation

CVE-2024-43728 is a stored Cross-Site Scripting (XSS) vulnerability affecting Adobe Experience Manager versions 6.5.21 and earlier. The vulnerability was disclosed on December 10, 2024, and received a CVSS v3.1 base score of 5.4 (Medium severity). This security issue affects both the standard Adobe Experience Manager installations and AEM Cloud Service deployments (NVD).

The vulnerability allows attackers to inject malicious scripts into vulnerable form fields within Adobe Experience Manager. When a victim browses to a page containing the compromised field, the malicious JavaScript code can be executed within the context of the victim's browser. The vulnerability has been assigned a CVSS v3.1 vector string of CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, indicating network accessibility, low attack complexity, required privileges, and user interaction (NVD).

If successfully exploited, this vulnerability could allow attackers to execute arbitrary JavaScript code in the victim's browser context. This could potentially lead to theft of sensitive information, session hijacking, or other client-side attacks. The CVSS scoring indicates low impacts on both confidentiality and integrity, with no impact on availability (NVD).

Adobe has addressed this vulnerability in versions after 6.5.21. Organizations are advised to upgrade their Adobe Experience Manager installations to the latest version. For AEM Cloud Service users, updating to version 2024.11.0 or later is recommended (NVD).