An issue was discovered in Joomla! 4.2.0 through 4.3.1. Lack of input validation caused an open redirect and XSS issue within the new mfa selection screen.
References
https://developer.joomla.org/security-centre/899-20230501-core-open-redirects-and-xss-within-the-mfa-selection.html