Lack of escaping leads to an XSS vulnerability in the generic image output layout.CreditsPavel Kohout, Aisle ResearchReferenceshttps://developer.joomla.org/security-centre/1061-20260707-core-xss-in-the-generic-image-output-layout.html