– Insufficient session expiration in MFA management views
– Open redirect in installation application
– XSS in media selection fields
– XSS in mail address outputs
– Inadequate content filtering within the filter code
https://www.joomla.org/announcements/release-news/5904-joomla-5-0-3-and-4-4-3-security-and-bug-fix-release.html

Please update your joomla installation now!