CVE-2024-52827: 
Adobe Experience Manager vulnerability analysis and mitigation

CVE-2024-52827 is a stored Cross-Site Scripting (XSS) vulnerability affecting Adobe Experience Manager versions 6.5.21 and earlier. The vulnerability was disclosed on December 10, 2024, and affects both the standard AEM installations and AEM Cloud Service versions up to 2024.11.0 (NVD, Adobe Advisory).

The vulnerability is classified as a stored Cross-Site Scripting (XSS) vulnerability that allows attackers to inject malicious scripts into vulnerable form fields. When a victim browses to a page containing the compromised field, the malicious JavaScript executes in their browser context. The vulnerability has been assigned a CVSS v3.1 base score of 5.4 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, indicating that it requires low privileges and user interaction to exploit (NVD).

When exploited, this vulnerability allows attackers to execute malicious JavaScript in victims' browsers when they visit pages containing compromised form fields. This can lead to theft of sensitive information, session hijacking, or other client-side attacks within the context of the affected Adobe Experience Manager installation (NVD).

Adobe has released security updates to address this vulnerability. Users should upgrade to versions newer than 6.5.21 for standard installations or version 2024.11.0 for AEM Cloud Service (Adobe Advisory).