It has been discovered that the extension "mm_forum" (mm_forum) is vulnerable to Arbitrary Code Execution, Cross-Site Scripting and Cross-Site Request Forgery

More... (http://typo3.org/news/article/several-vulnerabilities-in-extension-mm-forum-mm-forum/)