Joomla sent out a security notice today:
Click here to read. (http://developer.joomla.org/security-centre/626-20150908-core-xss-vulnerability.html?utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+JoomlaSecurityNews+%28Joomla!+Security+News%29)
Quote
Joomla! Security News
________________________________________
[20150908] - Core - XSS Vulnerability
Posted: 08 Sep 2015 07:25 PM PDT
> Project: Joomla!
> SubProject: CMS
> Severity: Low
> Versions: 3.4.0 through 3.4.3
> Exploit type: XSS Vulnerability
> Reported Date: 2015-August-18
> Fixed Date: 2015-September-08
> CVE Number: requested
Description
Inadequate escaping leads to XSS vulnerability in login module.
Affected Installs
Joomla! CMS versions 3.4.0 through 3.4.3
Solution
Upgrade to version 3.4.4