CVE-2023-48471

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

5.4MEDIUM

EPSS

0.5%

top 34.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Adobe Experience Manager Cloud Service Adobe Adobe Experience Manager Adobe Experience Manager

Timeline

PublishedDec 15

Description

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages3 packages

▶NVDadobe/experience_manager_cloud_service< 2023.11

▶NVDadobe/experience_manager6.5.18.0

▶CVEListV5adobe/adobe_experience_manager6.5.18

Patches

Patch: helpx.adobe.com ↗Patch: helpx.adobe.com ↗

🔴Vulnerability Details

CVEList

Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)↗2023-12-15

▶

GHSA

GHSA-63fm-w62g-7735: Adobe Experience Manager versions 6↗2023-12-15

▶