CVE-2024-52858: 
Adobe Experience Manager vulnerability analysis and mitigation

CVE-2024-52858 is a stored Cross-Site Scripting (XSS) vulnerability affecting Adobe Experience Manager versions 6.5.21 and earlier. The vulnerability was disclosed on December 10, 2024, and received a CVSS v3.1 base score of 5.4 (Medium) (NVD, Adobe Advisory).

The vulnerability allows an attacker to inject malicious scripts into vulnerable form fields within Adobe Experience Manager. When a victim browses to the page containing the vulnerable field, the malicious JavaScript may be executed in their browser. The vulnerability has been assigned CWE-79 (Improper Neutralization of Input During Web Page Generation) and received a CVSS v3.1 vector string of CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, indicating network accessibility, low attack complexity, required low privileges, and user interaction (NVD).

If exploited, this vulnerability could allow attackers to execute malicious JavaScript code in victims' browsers when they visit affected pages. This could potentially lead to theft of sensitive information, session hijacking, or other client-side attacks within the context of the affected Adobe Experience Manager installation (NVD).

Adobe has addressed this vulnerability in versions after 6.5.21. Organizations using affected versions should upgrade to the latest version of Adobe Experience Manager to mitigate this security risk (Adobe Advisory).