Craft · Craft · CVE-2023-23927
**Name of the Vulnerable Software and Affected Versions**
Craft versions prior to 4.3.7
**Description**
The issue occurs when a payload is inserted in the label name or instructions of an entry type. The payload then triggers cross-site scripting (XSS) in the quick post widget on the admin dashboard.
**Recommendations**
Update any version prior to 4.3.7 to version 4.3.7, which resolves the issue. As a temporary workaround until the update is applied, avoid inserting potentially malicious payloads in the label names or instructions of entry types.