An issue exists in Joomla! 3.0.0 up to and including 3.9.27. Inadequate escaping in the imagelist view of com_media leads to a XSS vulnerability.
joomla joomla\\!