CVE-2024-52854: 
Adobe Experience Manager vulnerability analysis and mitigation

CVE-2024-52854 is a stored Cross-Site Scripting (XSS) vulnerability affecting Adobe Experience Manager versions 6.5.21 and earlier. The vulnerability was disclosed on December 10, 2024, and received an initial assessment from Adobe Systems Incorporated (NVD, Adobe Advisory).

The vulnerability is classified as a stored Cross-Site Scripting (XSS) vulnerability (CWE-79) that could allow an attacker to inject malicious scripts into vulnerable form fields. The CVSS v3.1 base score is 5.4 (Medium) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. This indicates that the vulnerability requires network access, low attack complexity, low privileges, and user interaction, with potential impact on confidentiality and integrity (NVD).

If exploited, the vulnerability allows malicious JavaScript to be executed in a victim's browser when they browse to the page containing the vulnerable field. This could potentially lead to unauthorized access to user data, session hijacking, or other client-side attacks (NVD).

Adobe has addressed this vulnerability in Experience Manager versions after 6.5.21. Users are advised to update to the latest version to mitigate the risk (Adobe Advisory).