CVE-2023-48575

Summary

CVE-2023-48575 is a stored Cross-Site Scripting (XSS) vulnerability that affects Adobe Experience Manager versions 6.5.18 and earlier. This vulnerability allows a low-privileged attacker to inject malicious scripts into vulnerable form fields, which can be executed in a victim's browser when they access the page containing the vulnerable field. The vulnerability has a risk score of 25 and is categorized as CWE-79 (Improper Neutralization of Input During Web Page Generation). It has a base severity of MEDIUM and a base score of 5.4 according to the Common Vulnerability Scoring System (CVSS) v3.1. The exploitability score is 2.3, and the privileges required for exploitation are low. User interaction is required, and the attack vector is through the network. The impact on integrity and confidentiality is low, while availability impact is none. Affected products include various versions of Adobe Experience Manager, as well as other related products such as YLUd9f, YLUd9e, RSDnYR, QtqZiM, i-U_Zy, gXxIDh, ZkaO1A, taskvn, kmLqxH, cjzo1N, arCQia, fQXD_F, YBmKU9, T4FKi8, YLUd_h, qglG5U among others. To remediate this vulnerability, users should upgrade to a version later than 6.5.18 provided by Adobe Experience Manager.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.