PT-2023-20504 · Raysan5 · Raylib

Eugene Lim · Published 2023-04-14 · Updated 2023-04-21 · CVE-2023-26123

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions
raysan5/raylib versions prior to 4.5.0

Description
The issue is a Cross-site Scripting (XSS) vulnerability: the `SetClipboardText` API does not properly escape the `'` character, allowing attacker-controlled input to break out of the string and execute arbitrary JavaScript via the `emscripten_run_script` function. The vulnerability is present only when raylib is compiled for `PLATFORM_WEB`; all other Desktop/Mobile/Embedded platforms are not affected.

Recommendations
For versions prior to 4.5.0, update to version 4.5.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `SetClipboardText` API when compiling for `PLATFORM_WEB` until a patch is available.
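The class of bug in the description, shown as an added example (not raylib's code and not the project's fix): a script string built by raw interpolation next to the same string built after escaping. The `TEMPLATE` string, the function names and the sample input are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed template (not copied from raylib): text lands in a single-quoted JS string. */
#define TEMPLATE "navigator.clipboard.writeText('%s')"

/* Escape text for a JS string literal. Returns the length, or -1 if out is too small. */
int js_escape(char *out, size_t cap, const char *text) {
    size_t o = 0;
    for (const unsigned char *p = (const unsigned char *)text; *p; p++) {
        char buf[8];
        int n;
        if (*p == '\'' || *p == '"' || *p == '\\')
            n = snprintf(buf, sizeof buf, "\\%c", *p);              /* quotes, backslash */
        else if (*p < 0x20 || *p == '<' || *p == '>' || *p == '&')
            n = snprintf(buf, sizeof buf, "\\u%04x", (unsigned)*p); /* control, HTML chars */
        else { buf[0] = (char)*p; n = 1; }
        if (o + (size_t)n >= cap) return -1;                        /* keep room for NUL */
        memcpy(out + o, buf, (size_t)n);
        o += (size_t)n;
    }
    out[o] = '\0';
    return (int)o;
}

/* escape=0 is the vulnerable raw interpolation; escape=1 is the hardened form. */
int build_script(char *out, size_t cap, const char *text, int escape) {
    char esc[1024];
    if (escape && js_escape(esc, sizeof esc, text) < 0) return -1;
    int n = snprintf(out, cap, TEMPLATE, escape ? esc : text);
    return (n < 0 || (size_t)n >= cap) ? -1 : n;
}

/* Count quotes not preceded by a backslash; an intact script has exactly 2. */
int unescaped_quotes(const char *s) {
    int count = 0;
    for (; *s; s++) {
        if (*s == '\\' && s[1]) { s++; continue; }
        if (*s == '\'') count++;
    }
    return count;
}

int main(void) {   /* constructed input containing one apostrophe */
    char s[256];
    if (build_script(s, sizeof s, "it's", 0) > 0) printf("%d  %s\n", unescaped_quotes(s), s);
    if (build_script(s, sizeof s, "it's", 1) > 0) printf("%d  %s\n", unescaped_quotes(s), s);
    return 0;
}
```

Escaping is the narrow fix for this template; on Emscripten, passing the pointer as an `EM_ASM` argument and decoding it with `UTF8ToString` avoids building script text from input at all.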

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers
CVE-2023-26123

Affected Products
Raylib