An issue exists in Joomla! 4.2.0 up to and including 4.3.1. Lack of input validation caused an open redirect and XSS issue within the new mfa selection screen.
joomla joomla\\!