CVE-2023-48496

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Dec 15, 2023

Updated: Dec 18, 2023

CWE ID 79

Summary

CVE-2023-48496 is a Cross-site Scripting (XSS) vulnerability affecting Adobe Experience Manager versions 6.5.18 and earlier. An attacker, with low privileges, can manipulate a URL to references a vulnerable page, enabling them to inject malicious JavaScript code that executes within the context of the victim's browser. This issue poses a significant risk for data theft or unauthorized access. Users are advised to update their Adobe Experience Manager instances immediately to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Adobe Experience Manager
Adobe Experience Manager AEM Cloud Service

Affected Vendors

Adobe

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/tcTkHV
https://www.cve.org/CVERecord?id=CVE-2023-48496
https://nvd.nist.gov/vuln/detail/CVE-2023-48496

Back to Vulnerability Database