Joomla sent out a security notice today:
You can view it on their site here:
http://developer.joomla.org/security-centre/
Quote
[20150908] - Core - XSS Vulnerability
Project: Joomla!
SubProject: CMS
Severity: Low
Versions: 3.4.0 through 3.4.3
Exploit type: XSS Vulnerability
Reported Date: 2015-August-18
Fixed Date: 2015-September-08
CVE Number: CVE-2015-6939
Description
Inadequate escaping leads to XSS vulnerability in login module.
Affected Installs
Joomla! CMS versions 3.4.0 through 3.4.3
Solution
Upgrade to version 3.4.4