An issue exists in Joomla! prior to 3.9.4. The item_title layout in edit views lacks escaping, leading to XSS.
joomla joomla\\!