CVE-2024-52824: 
Adobe Experience Manager vulnerability analysis and mitigation

CVE-2024-52824 is a stored Cross-Site Scripting (XSS) vulnerability affecting Adobe Experience Manager versions 6.5.21 and earlier. The vulnerability was disclosed on December 10, 2024, and affects both AEM Cloud Service and on-premise installations (NVD, Adobe Advisory).

The vulnerability is classified as a stored Cross-Site Scripting (XSS) vulnerability (CWE-79) that could allow an attacker to inject malicious scripts into vulnerable form fields. The CVSS v3.1 base score is 5.4 (Medium) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, indicating network accessibility, low attack complexity, required privileges, and user interaction (NVD).

When exploited, this vulnerability allows malicious JavaScript to be executed in a victim's browser when they browse to the page containing the vulnerable field. This can lead to unauthorized data access and potential manipulation of the user's browser session (NVD).

Adobe has addressed this vulnerability in Experience Manager versions after 6.5.21. Users are advised to update to the latest version to mitigate this security risk (Adobe Advisory).