CVE-2024-52822: 
Adobe Experience Manager vulnerability analysis and mitigation

CVE-2024-52822 is a DOM-based Cross-Site Scripting (XSS) vulnerability affecting Adobe Experience Manager versions 6.5.21 and earlier. The vulnerability was disclosed on December 10, 2024, and affects both AEM Cloud Service and on-premise installations (NVD).

The vulnerability is classified as a DOM-based Cross-Site Scripting (XSS) issue with a CVSS v3.1 Base Score of 5.4 (Medium) and vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. The vulnerability allows an attacker to manipulate DOM elements through crafted URLs or user input, enabling the injection of malicious scripts that execute when the page is rendered (NVD).

If exploited, this vulnerability could allow an attacker to execute arbitrary code in the context of the victim's browser session. The attack requires user interaction, as the victim would need to access a manipulated URL or page containing the malicious script (NVD).

Adobe has addressed this vulnerability in versions after 6.5.21. Users are advised to update their Adobe Experience Manager installations to the latest version to mitigate this security risk (NVD).