An issue exists in Joomla! 2.5.0 up to and including 3.9.24. Missing filtering of messages showed to users that could lead to xss issues.
joomla joomla\\!