CVE-2024-43739: 
Adobe Experience Manager vulnerability analysis and mitigation

CVE-2024-43739 is a stored Cross-Site Scripting (XSS) vulnerability affecting Adobe Experience Manager versions 6.5.21 and earlier. The vulnerability was disclosed on December 10, 2024, and received a CVSS v3.1 base score of 5.4 (Medium severity). This security issue affects both the standard Adobe Experience Manager installations and AEM Cloud Service deployments (NVD).

The vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation). It allows attackers to inject malicious scripts into vulnerable form fields, which can then be executed in a victim's browser when they browse to the page containing the vulnerable field. The vulnerability requires low privilege levels and user interaction for successful exploitation, with a CVSS v3.1 vector string of CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N (NVD).

When exploited, this vulnerability can lead to the execution of malicious JavaScript in the victim's browser context when they access a page containing the compromised field. This could potentially result in unauthorized data access, session hijacking, or other client-side attacks (NVD).

Adobe has addressed this vulnerability in versions after 6.5.21. Organizations using affected versions should upgrade to the latest version of Adobe Experience Manager. For AEM Cloud Service users, updating to version 2024.11.0 or later is recommended (NVD).