An issue exists in Joomla! 3.7.0 up to and including 3.10.6. Lack of input validation could allow an XSS attack using com_fields.
joomla joomla\\!