A reflected XSS vulnerability exists in the Clicky Analytics Dashboard module for Joomla.
deconf clicky analytics dashboard