CVE-2024-53965: 
Adobe Experience Manager vulnerability analysis and mitigation

Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. The vulnerability was assigned CVE-2024-53965 and was disclosed on February 4, 2025. This security issue affects the Adobe Experience Manager platform and could potentially be exploited by attackers with low privileges (NVD).

The vulnerability is classified as a DOM-based Cross-Site Scripting (XSS) issue with a CVSS v3.1 Base Score of 5.4 (Medium) and vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. The vulnerability allows manipulation of DOM elements through crafted URLs or user input, enabling injection of malicious scripts that execute when the page is rendered (NVD).

If successfully exploited, this vulnerability allows attackers to execute arbitrary code in the context of the victim's browser session. The attack can lead to the execution of malicious scripts within the user's browser, potentially compromising the security of their session (NVD).

Adobe has addressed this vulnerability in versions after 6.5.21. Users are advised to upgrade their Adobe Experience Manager installations to the latest version to mitigate this security risk (Vendor Advisory).