CVE-2024-52845: 
Adobe Experience Manager vulnerability analysis and mitigation

CVE-2024-52845 is a stored Cross-Site Scripting (XSS) vulnerability affecting Adobe Experience Manager versions 6.5.21 and earlier. The vulnerability was disclosed on December 10, 2024, and received a CVSS v3.1 base score of 5.4 (Medium) (NVD, Adobe Advisory).

The vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation). It allows an attacker to inject malicious scripts into vulnerable form fields, which can then be executed in a victim's browser when they browse to the page containing the vulnerable field. The CVSS vector string is CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, indicating network accessibility, low attack complexity, required low privileges, user interaction, and potential for confidentiality and integrity impacts (NVD).

When successfully exploited, this vulnerability can lead to the execution of malicious JavaScript in victims' browsers when they visit affected pages. This could potentially result in unauthorized access to sensitive information, session hijacking, or other client-side attacks (NVD).

Adobe has addressed this vulnerability in Experience Manager version 6.5.22.0 and AEM Cloud Service version 2024.11.0. Users are advised to update to these versions or later to mitigate the risk (NVD).