An issue exists in Joomla! prior to 3.8.12. Inadequate output filtering on the user profile page could lead to a stored XSS attack.
joomla joomla\\!