In Joomla! prior to 3.8.4, inadequate input filtering in the Uri class (formerly JUri) leads to an XSS vulnerability.
joomla joomla\\!