An issue exists in Joomla! prior to 3.9.3. Inadequate parameter handling in JavaScript code (core.js writeDynaList) could lead to an XSS attack vector.
joomla joomla\\!