CVE-2024-53969: 
Adobe Experience Manager vulnerability analysis and mitigation

Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. The vulnerability was disclosed on March 19, 2025, and was assigned identifier CVE-2024-53969 (NVD).

The vulnerability is a DOM-based Cross-Site Scripting (XSS) that could be exploited to execute arbitrary code in the context of the victim's browser session. By manipulating the DOM environment in the victim's browser, a low privileged attacker can inject malicious scripts that are executed by the victim's browser. The vulnerability has been assigned a CVSS v3.1 base score of 5.4 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N (NVD).

If successfully exploited, this vulnerability could allow attackers to execute arbitrary code within the context of the victim's browser session. The attack requires user interaction, typically in the form of following a malicious link (NVD).

Adobe has released security updates to address this vulnerability. Users should upgrade to a version newer than Adobe Experience Manager 6.5.21 (Adobe Security).