An issue exists in Joomla! 3.1.0 up to and including 3.9.23. The lack of escaping of image-related parameters in multiple com_tags views leads to XSS attack vectors.
joomla joomla\\!