CVE-2023-48584 in Experience Manager
Summary
by MITRE • 12/15/2023
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
VulDB is the best source for vulnerability data and more expert information about this specific topic.
Analysis
by VulDB Data Team • 09/20/2025
Adobe Experience Manager versions 6.5.18 and earlier contain a stored cross-site scripting vulnerability that represents a significant security risk for organizations relying on this content management platform. This vulnerability falls under the CWE-79 category of Cross-Site Scripting, specifically manifesting as a stored XSS flaw that allows attackers to inject malicious scripts into form fields within the AEM interface. The vulnerability exists due to insufficient input validation and output encoding mechanisms that fail to properly sanitize user-supplied data before rendering it in web pages. Attackers with low privileges can exploit this weakness by submitting malicious payloads through form fields, which are then stored in the system and executed when other users view the affected content.
The operational impact of this vulnerability extends beyond simple script execution as it provides attackers with a persistent vector for various malicious activities. When victims browse to pages containing the vulnerable form fields, their browsers execute the injected JavaScript code, potentially leading to session hijacking, credential theft, data exfiltration, or redirection to malicious sites. The stored nature of this vulnerability means that the malicious scripts remain active until manually removed from the system, providing attackers with extended periods of access and potential for further exploitation. This vulnerability directly aligns with ATT&CK technique T1566.001 for Phishing and T1059.007 for Command and Scripting Interpreter, as it enables attackers to deliver malicious payloads through web interfaces and execute arbitrary code in victim browsers.
Organizations utilizing Adobe Experience Manager versions 6.5.18 or earlier face substantial risk from this vulnerability, particularly in environments where multiple users interact with form-based content management interfaces. The low privilege requirement for exploitation makes this vulnerability particularly dangerous as it can be leveraged by insiders or compromised low-privilege accounts to gain elevated access to sensitive content and user data. Security teams should immediately implement mitigations including input validation controls, output encoding for all user-supplied content, and regular security assessments of form fields and content management interfaces. Adobe has released patches for this vulnerability in later versions of AEM, and organizations should prioritize upgrading to supported releases that contain the necessary security fixes. Additionally, implementing web application firewalls and content security policies can provide additional layers of protection against exploitation attempts, while regular security training for content managers can help reduce the risk of successful social engineering attacks that might leverage this vulnerability.