CVE-2024-43732: 
Adobe Experience Manager vulnerability analysis and mitigation

CVE-2024-43732 is a DOM-based Cross-Site Scripting (XSS) vulnerability affecting Adobe Experience Manager versions 6.5.21 and earlier. The vulnerability was disclosed on December 10, 2024, and received a CVSS v3.1 score of 4.6 (Medium) (NVD, Adobe Security).

The vulnerability occurs when data from a malicious source is processed by a web application's client-side scripts to update the DOM. The issue specifically relates to how the application handles and processes user input that affects DOM manipulation, potentially allowing for unauthorized script execution in the browser context (NVD).

If successfully exploited, this vulnerability could allow an attacker to execute arbitrary code in the context of the victim's browser. This could potentially lead to unauthorized access to user data, session hijacking, or other malicious activities within the scope of the browser's permissions (NVD).

Adobe has addressed this vulnerability in versions after 6.5.21. Organizations using affected versions of Adobe Experience Manager should upgrade to the latest version to mitigate this security risk (Adobe Security).