Stano Paska

**Name of the Vulnerable Software and Affected Versions** TYPO3 mm forum extension versions prior to 1.9.3 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML. **Recommendations** For versions prior to 1.9.3, update to version 1.9.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** TYPO3 mm forum extension versions prior to 1.9.3 **Description** The issue allows remote attackers to execute arbitrary code by uploading a file with an executable extension. This is achieved by accessing the uploaded file via unspecified vectors. **Recommendations** For versions prior to 1.9.3, update to version 1.9.3 or later to resolve the issue. As a temporary workaround, consider restricting file uploads to prevent exploitation until the update is applied.

**Name of the Vulnerable Software and Affected Versions** TYPO3 mm forum extension versions prior to 1.9.3 **Description** A cross-site request forgery (CSRF) issue allows remote attackers to hijack user authentication for creating posts. **Recommendations** For versions prior to 1.9.3, update to version 1.9.3 or later to resolve the issue.