Because of the 403 and message at the bottom of the modal window (proudly powered by...) it looks like a permission problem from the server. Do you see errors on the browser console?
Set the error report to maximum and activate the debug modus, maybe you get more informations where the problem comes from.

This is most likely to be a mod_security rule on the server that has been applied by your web host and there is an error in the rule. You should speak to your web host and ask them to check the mod_security logs.

It is not a joomla issue.

Closing as not a Joomla issue. Feel free to re-open if you think this is wrong. But I agree with the previous said, it's an issue caused by your host.

Thank you drmenzelit. I turned on error reporting but get none. As a non developer the debug mode provides nothing I can make sense of.

brianteeman "It is not a joomla issue." Perhaps it is not but in the spirit of continuous improvement and user engagement, this stock answer is unhelpful. Firstly, the webhost is Rochen, the very people named at the bottom of this Issue Tracker so if they are getting it wrong it doesn't inspire confidence! Secondly, given your comments I have just installed a copy of a Joomla 3.10.8 website on the same server that works as expected when following the exact same steps. You will therefore perhaps appreciate the reason I have taken the time to report this.

As a non developer the debug mode provides nothing I can make sense of.

@nineoo But you could make a screen shot or text copy of the call stack shown when debug mode is on, so developers here or in the support forum could understand it.

If you can, do that and post here, then we can see if it is a Joomla issue and re-open your issue report here.

Thanks in advance.

Update: Of course it will only show a call stack if there is some PHP error, not if there is a 403.

There are no errors being reported - not sure if this means anything:

Also, why do none of the buttons work to exit the pop up panel - can that be a server issue?

#
#Date: 2022-04-07 14:08:59 UTC
#Software: Joomla! 4.1.2 Stable [ Kuamini ] 30-March-2022 16:00 GMT

#Fields: datetime priority clientip category message
2022-04-07T14:08:59+00:00 INFO xx controller Holding edit ID com_menus.edit.item.101 Array ( [0] => 101 )
2022-04-07T14:11:13+00:00 INFO xx controller Releasing edit ID com_menus.edit.item.101 Array ( )
2022-04-07T14:11:39+00:00 INFO xx controller Holding edit ID com_menus.edit.item.103 Array ( [0] => 103 )
2022-04-07T14:20:20+00:00 INFO xx controller Releasing edit ID com_menus.edit.item.103 Array ( )
2022-04-07T14:20:26+00:00 INFO xx controller Holding edit ID com_menus.edit.item.101 Array ( [0] => 101 )
2022-04-07T14:25:12+00:00 INFO xx controller Releasing edit ID com_menus.edit.item.101 Array ( )
2022-04-07T14:25:15+00:00 INFO xx controller Holding edit ID com_menus.edit.item.102 Array ( [0] => 102 )
2022-04-07T14:28:20+00:00 INFO xx controller Releasing edit ID com_menus.edit.item.102 Array ( )
2022-04-07T14:29:32+00:00 INFO xx controller Holding edit ID com_menus.edit.item.101 Array ( [0] => 101 )
2022-04-07T14:33:34+00:00 INFO xx controller Releasing edit ID com_menus.edit.item.101 Array ( )
2022-04-07T15:18:59+00:00 INFO xx controller Holding edit ID com_menus.edit.item.101 Array ( [0] => 101 )
2022-04-07T15:19:45+00:00 INFO xx controller Releasing edit ID com_menus.edit.item.101 Array ( )

@nineoo It was not a stock answer. It was an answer specific to your reported problem based on over a decade's experience.

Secondly, given your comments I have just installed a copy of a Joomla 3.10.8 website on the same server that works as expected when following the exact same steps.

That doesn't mean that the permissions for the folders are the same or that the htaccess is the same. Something is configured differently on the two sites and that is why you get the error. If you hoster give you access to the server log files you can also look there.
I'm running several Joomla 4 sites on different hosters and haven't had that problem.

I have been in contact with the webhost who've done a workaround. I've also sent the details of the cause to the security team.

@drmenzelit @richard67 thank you.

@brianteeman I don't doubt your enthusiasm, knowledge, experience and passion for Joomla, it is clear to see. I just happen to disagree with the assessment that it is not a "Joomla" issue. From a Developer point of view it may not be a Joomla issue but to me, who may not be as passionate about Joomla as you, but promote it at every opportunity, it is people like me that influence Managers, Company Directors and Board Members to make decisions to use Joomla. Whatever issues arise, for whatever the reason, it is Joomla that is judged, be that right or wrong. So, in the end, for people looking from the outside in, like it or not, it is a Joomla issue. Be-it a core issue, a hosting issue or any other it can be perceived as a Joomla issue. Right now, this and a number of other niggling issues could be perceived as a reason to question the move to Joomla 4 - that's the last thing I want to happen.

If the Issue Tracker just closes issues like this down, user feedback is wasted - which is a shame.

The Developers have achieved so much with Joomla 4, it knocks spots off the competition - well done to everyone involved. But there are pain points with moving to Joomla 4. On this occasion I feel like I have wasted my time, and yours but that old chestnut "it works on my machine" doesn't quite cut it these days!

That said, thank you again.

dont worry I have made a note never to try and help you again.

I have experienced the same issue with Joomla 4 on several different servers, when using the edit button on the menu item of an article in the admin area. It appears to be caused by the modal code and an escaped single-quote, which triggers mod security.

This is what Mod Security has recorded
Request: GET /administrator/index.php?option=com_content&view=article&layout=modal&tmpl=component&c031c1a6095d274fd4db831353fc1c01=1&task=article.edit&id=%27%2022%20%27
Action Description: Access denied with code 403 (phase 2).
Justification: String match "'" at ARGS:id.

DEFA-1785
SecRule REQUEST_METHOD "@rx ^GET$" "id:77140923,chain,phase:2,block,log,severity:2,t:none,t:normalizePath,msg:'IM360 WAF: Joomla Component Jreservation Blind SQLi Vulnerability||MVN:%{MATCHED_VAR_NAME}||T:APACHE||MV:%{MATCHED_VAR}||',tag:'service_i360custom',tag:'joomla_plugin'"
SecRule REQUEST_FILENAME "@ENDSWITH /index.php" "chain,t:none,t:normalizePath"
SecRule ARGS:option "@Streq com_content" "chain,t:none"
SecRule ARGS:view "@Streq article" "chain,t:none"
SecRule ARGS:id "@contains '" "t:none"

I'm seeing this error as well and it appears to be related to how the article ID is included in the modal popup article link. See attached screenshots for documentation of the issue. The link includes extraneous single quotes and double space on either side of the article ID. If these are manually removed from the link using the "inspect element" tool the editor then works as expected. (apologies for screenshots out of sequence)

In my case it turned out that this was a mod security rule being triggered by a single unclosed quote in the modal code.

So depending on your view point, it is either caused by an error in the Joomla code resulting in mod security blocking it. Or over unnecessary mod security rule, which some see as poor hosting.

The solution for me was to disable the mod security rule. See link below to Facebook discussion

https://m.facebook.com/groups/joomlanospam/permalink/10158437621590997/

Or test the pull request for this issue