CVE-2024-53967: 
Adobe Experience Manager vulnerability analysis and mitigation

Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that was disclosed on March 19, 2025. This vulnerability affects the Adobe Experience Manager content management system and could potentially allow attackers to execute malicious code in users' browser sessions (NVD, Adobe Security).

The vulnerability is classified as a DOM-based Cross-Site Scripting (XSS) issue with a CVSS v3.1 Base Score of 5.4 (Medium). The attack vector is network-based (AV:N), with low attack complexity (AC:L), requiring low privileges (PR:L) and user interaction (UI:R). The scope is changed (S:C), with low impacts on confidentiality (C:L) and integrity (I:L), but no impact on availability (A:N) (NVD).

If exploited, this vulnerability could allow attackers to execute arbitrary code within the context of the victim's browser session. The attack requires low privileges and user interaction, typically in the form of following a malicious link. This could potentially lead to unauthorized access to user data or manipulation of browser content (NVD).

Adobe has addressed this vulnerability in versions after 6.5.21. Users are advised to update their Adobe Experience Manager installations to the latest version to mitigate this security risk (Adobe Security).