CVE-2023-23927

Name of the Vulnerable Software and Affected Versions Craft versions prior to 4.3.7

Description The issue occurs when a payload is inserted inside a label name or instruction of an entry type, resulting in a cross-site scripting (XSS) attack in the quick post widget on the admin dashboard.

Recommendations For versions prior to 4.3.7, update to version 4.3.7 to resolve the issue. As a temporary workaround, consider avoiding the insertion of potentially malicious payloads inside label names or instructions of entry types until the update is applied.