CVE-2024-52846: 
Adobe Experience Manager vulnerability analysis and mitigation

CVE-2024-52846 is a stored Cross-Site Scripting (XSS) vulnerability affecting Adobe Experience Manager versions 6.5.21 and earlier. The vulnerability was disclosed on December 10, 2024, and received a CVSS v3.1 base score of 5.4 (Medium) (NVD, Adobe Advisory).

The vulnerability allows an attacker to inject malicious scripts into vulnerable form fields within Adobe Experience Manager. When a victim browses to a page containing the compromised field, the malicious JavaScript code may be executed in their browser. The vulnerability has been assigned a CVSS vector string of CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, indicating that it requires network access, low attack complexity, low privileges, and user interaction (NVD).

If successfully exploited, this vulnerability could allow attackers to execute arbitrary JavaScript code in the context of the victim's browser session. This could potentially lead to theft of sensitive information, session hijacking, or other malicious actions within the scope of the user's browser session (NVD).

Adobe has addressed this vulnerability in versions after 6.5.21. Organizations are advised to upgrade their Adobe Experience Manager installations to the latest version to mitigate this security risk (Adobe Advisory).