CVE-2024-53962: 
Adobe Experience Manager vulnerability analysis and mitigation

Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability identified as CVE-2024-53962. The vulnerability was disclosed on February 4, 2025, and affects both the standard Experience Manager installations up to version 6.5.21 and AEM Cloud Service versions up to 2024.11.0 (NVD CVE).

The vulnerability is classified as a stored Cross-Site Scripting (XSS) issue with a CVSS v3.1 Base Score of 5.4 (Medium). The attack requires low privileges and user interaction for successful exploitation. The vulnerability is tracked under CWE-79 (Improper Neutralization of Input During Web Page Generation) (NVD CVE).

When exploited, this vulnerability allows low-privileged attackers to inject malicious scripts into vulnerable form fields. The injected malicious JavaScript code can be executed in a victim's browser when they navigate to the page containing the compromised field (NVD CVE).

Adobe has addressed this vulnerability in versions after 6.5.21 for standard installations and in version 2024.11.0 for AEM Cloud Service. Users are advised to update to the latest version to mitigate this security risk (Adobe Advisory).