Three Joomla Security issues affecting versions 1.6.0 through 3.6.0

Three Joomla security issues have recently been disclosed

The three vulnerabilities which affect versions 1.0.6 through 3.6.0 are as follows :
• [20160802] – Core – XSS Vulnerability
• [20160801] – Core – ACL Violation
• [20160803] – Core – CSRF

Specific details of each of the vulnerabilities :

[20160802] – Core – XSS Vulnerability

• Project: Joomla!
• SubProject: CMS
• Severity: Low
• Versions: 1.6.0 through 3.6.0
• Exploit type: XSS Vulnerability
• Reported Date: 2016-February-05
• Fixed Date: 2016-August-03
• CVE Number: Requested

Description : Inadequate escaping leads to XSS vulnerability in mail component.
Affected Installs : Joomla! CMS versions 1.6.0 through 3.6.0
Solution : Upgrade to version 3.6.1

[20160801] – Core – ACL Violation

• Project: Joomla!
• SubProject: CMS
• Severity: Low
• Versions: 1.6.0 through 3.6.0
• Exploit type: ACL Violation
• Reported Date: 2016-April-29
• Fixed Date: 2016-August-03
• CVE Numbers: requested

Description : Inadequate ACL checks in com_content provide potential read access to data which should be access restricted to users with edit_own level.
Affected Installs : Joomla! CMS versions 1.6.0 through 3.6.0
Solution : Upgrade to version 3.6.1

[20160803] – Core – CSRF

• Project: Joomla!
• SubProject: CMS
• Severity: Medium
• Versions: 3.6.0
• Exploit type: CSRF
• Reported Date: 2016-July-19
• Fixed Date: 2016-August-03
• CVE Numbers: requested

Description: Add additional CSRF hardening in com_joomlaupdate.
Affected Installs : Joomla! CMS version 3.6.0
Solution : Upgrade to version 3.6.1