An issue exists in Joomla! 3.0.0 up to and including 3.9.25. Inadequate escaping allowed XSS attacks using the logo parameter of the default templates on error page