The three vulnerabilities, which affect versions 1.0.6 through 3.6.0, are as follows:
• [20160802] – Core – XSS Vulnerability
• [20160801] – Core – ACL Violation
• [20160803] – Core – CSRF
Specific details of each of the vulnerabilities:

[20160802] – Core – XSS Vulnerability
Description: Inadequate escaping leads to XSS vulnerability in mail component.
Affected Installs: Joomla! CMS versions 1.6.0 through 3.6.0
Solution: Upgrade to version 3.6.1

[20160801] – Core – ACL Violation
Description: Inadequate ACL checks in com_content provide potential read access to data which should be access restricted to users with edit_own level.
Affected Installs: Joomla! CMS versions 1.6.0 through 3.6.0
Solution: Upgrade to version 3.6.1

[20160803] – Core – CSRF
Description: Add additional CSRF hardening in com_joomlaupdate.
Affected Installs: Joomla! CMS version 3.6.0
Solution: Upgrade to version 3.6.1