An issue exists in Joomla! prior to 3.9.16. Inadequate handling of CSS selectors in the Protostar and Beez3 JavaScript allows XSS attacks.
joomla joomla\\!