CVE-2024-53968: 
Adobe Experience Manager vulnerability analysis and mitigation

Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. The vulnerability was disclosed on March 19, 2025, and was assigned identifier CVE-2024-53968 (NVD).

The vulnerability is classified as a DOM-based Cross-Site Scripting (XSS) vulnerability (CWE-79). It has been assigned a CVSS v3.1 Base Score of 5.4 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. The vulnerability allows a low privileged attacker to inject malicious scripts that are executed by the victim's browser by manipulating the DOM environment (NVD).

If exploited, this vulnerability could allow attackers to execute arbitrary code in the context of the victim's browser session. This could potentially lead to unauthorized access to user data, session hijacking, or other malicious activities within the scope of the browser's permissions (NVD).

Adobe has addressed this vulnerability in versions after 6.5.21. Users are advised to upgrade their Adobe Experience Manager installations to the latest version to mitigate this security risk (Adobe Security).