CVE-2023-48477 MEDIUM

CVE-2023-48477: Adobe Experience Manager | Cross-site Scripting (DOM-based XSS) (CWE-79)

Vendor Adobe

Product Adobe Experience Manager

Weakness CWE-79 · XSS

Published December 15, 2023

Last update October 7, 2024

View on NVD All CVEs

CVSS base score

5.4/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.

Key dates

02Disclosure timeline

December 15, 2023 CVE published

October 7, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-48477 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2025-4985 Stored Cross-site Scripting (XSS) vulnerability affecting Risk Management in Project Portfolio Manager from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2025x CVE-2018-3821 CVE-2024-2922 Themesflat Addons For Elementor <= 2.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Widget Tags CVE-2025-49126 Visionatrix Vulnerable to Reflected XSS Leading to Exfiltration of Secrets CVE-2025-12033 Simple Banner <= 3.0.10 - Authenticated (Admin+) Stored Cross-Site Scripting