It has been discovered that the extension faq is susceptible to cross site scripting (XSS) attacks, making it possible to execute arbitrary JavaScript.
We also recommend that you subscribe to the TYPO3 Announce List, which is a low-traffic list, where only important announces like this one is being brought.