CVSS 3.1 Score 5.4 of 10 (medium)


Published Dec 15, 2023
Updated: Dec 16, 2023


CVE-2023-48575 is a stored Cross-Site Scripting (XSS) vulnerability that affects Adobe Experience Manager versions 6.5.18 and earlier. This vulnerability allows a low-privileged attacker to inject malicious scripts into vulnerable form fields, which can be executed in a victim's browser when they access the page containing the vulnerable field. The vulnerability has a risk score of 25 and is categorized as CWE-79 (Improper Neutralization of Input During Web Page Generation). It has a base severity of MEDIUM and a base score of 5.4 according to the Common Vulnerability Scoring System (CVSS) v3.1. The exploitability score is 2.3, and the privileges required for exploitation are low. User interaction is required, and the attack vector is through the network. The impact on integrity and confidentiality is low, while availability impact is none. Affected products include various versions of Adobe Experience Manager, as well as other related products such as YLUd9f, YLUd9e, RSDnYR, QtqZiM, i-U_Zy, gXxIDh, ZkaO1A, taskvn, kmLqxH, cjzo1N, arCQia, fQXD_F, YBmKU9, T4FKi8, YLUd_h, qglG5U among others. To remediate this vulnerability, users should upgrade to a version later than 6.5.18 provided by Adobe Experience Manager.


Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-48575 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options